Proceedings of the 2nd International Workshop on Software Engineering for Smart Cyber-Physical Systems 2016
DOI: 10.1145/2897035.2897036
|View full text |Cite
|
Sign up to set email alerts
|

On the role of latent design conditions in cyber-physical systems security

Abstract: As cyber-physical systems (CPS) become prevalent in everyday life, it is critical to understand the factors that may impact the security of such systems. In this paper, we present insights from an initial study of historical security incidents to analyse such factors for a particular class of CPS: industrial control systems (ICS). Our study challenges the usual tendency to blame human fallibility or resort to simple explanations for what are often complex issues that lead to a security incident. We highlight t… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
12
0

Year Published

2016
2016
2023
2023

Publication Types

Select...
4
2
2

Relationship

4
4

Authors

Journals

citations
Cited by 11 publications
(12 citation statements)
references
References 9 publications
0
12
0
Order By: Relevance
“…A cyber-physical infrastructure, depicted through a Lego ® board, makes the game easy to understand and accessible to players from varying backgrounds and security expertise, without being too trivial a setting for security experts. The particular setting of a utility infrastructure is drawn from our prior experience of technical [26], [27] and non-technical investigations [28] as well as interviews with security experts, field engineers, IT users in such settings [29].…”
Section: Introductionmentioning
confidence: 99%
“…A cyber-physical infrastructure, depicted through a Lego ® board, makes the game easy to understand and accessible to players from varying backgrounds and security expertise, without being too trivial a setting for security experts. The particular setting of a utility infrastructure is drawn from our prior experience of technical [26], [27] and non-technical investigations [28] as well as interviews with security experts, field engineers, IT users in such settings [29].…”
Section: Introductionmentioning
confidence: 99%
“…The key elements to be considered is the method selected to carry out risk assessments, deployed risk models, and adaptation of risk appetite to properly enumerate the threat landscape in particular cases in which IT and ICS integration takes place. Risk-mitigation plans have recently found their way in the cyber-physical ICS environment [51][52][53]. The key components of an informed defence-in-depth framework, within which assurance and functional controls could be integrated, are presented as follows.…”
Section: Orthogonal Defence-in-depth Frameworkmentioning
confidence: 99%
“…Though research has looked at using smart CPS devices as a means to counter usability limitations of existing security feature designs, e.g., [11], the issues of security ergonomics in smart CPS environments have not been considered to date. Recent work by Frey et al [4] has discussed the role that system design plays in influencing operator perceptions during security incidents and highlighted potential challenges in the context of smart CPS. In this paper, we respond to the challenges highlighted by Frey et al and focus on security ergonomics as a key requirement for smart CPS.…”
Section: B Usable Securitymentioning
confidence: 99%
“…Recent work [4] has analysed the role of latent design conditions in impacting security perceptions of operators in industrial control systems and highlighted the challenges posed by smart CPS, notably their emergent design arising from dynamic aggregation of a range of devices and services and the focus on automation that aims to "hide" complexity from the users. Whilst usability is considered a key non-functional requirement during software engineering and there is a body of research on usable security, in this paper we argue that the very properties of emergent design and automation pose key challenges with regards to security behaviours in smart CPS.…”
Section: Introductionmentioning
confidence: 99%