Risk Management and Standard Compliance for Cyber-Physical Systems of Systems

IF 0.9 Q4 TELECOMMUNICATIONS Infocommunications Journal Pub Date : 2021-01-01 DOI:10.36244/icj.2021.2.5

George Matta, Sebastian Chlup, A. Shaaban, Christoph Schmittner, Andreas Pinzenöhler, Elke Szalai, Markus Tauber

{"title":"Risk Management and Standard Compliance for Cyber-Physical Systems of Systems","authors":"George Matta, Sebastian Chlup, A. Shaaban, Christoph Schmittner, Andreas Pinzenöhler, Elke Szalai, Markus Tauber","doi":"10.36244/icj.2021.2.5","DOIUrl":null,"url":null,"abstract":"The Internet of Things (IoT) and cloud technologies are increasingly implemented in the form of Cyber-Physical Systems of Systems (CPSoS) for the railway sector. In order to satisfy the security requirements of Cyber-Physical Systems (CPS), domainspecific risk identification assessment procedures have been developed. Threat modelling is one of the most commonly used methods for threat identification for the security analysis of CPSoS and is capable of targeting various domains. This paper reports our experience of using a risk management framework identify the most critical security vulnerabilities in CPSoS in the domain and shows the broader impact this work can have on the domain of safety and security management. Moreover, we emphasize the application of common analytical methods for cyber-security based on international industry standards to identify the most vulnerable assets. These will be applied to a meta-model for automated railway systems in the concept phase to support the development and deployment of these systems. Furthermore, it is the first step to create a secure and standard complaint system by design.","PeriodicalId":42504,"journal":{"name":"Infocommunications Journal","volume":"1 1","pages":""},"PeriodicalIF":0.9000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Infocommunications Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.36244/icj.2021.2.5","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}

引用次数: 7

Abstract

The Internet of Things (IoT) and cloud technologies are increasingly implemented in the form of Cyber-Physical Systems of Systems (CPSoS) for the railway sector. In order to satisfy the security requirements of Cyber-Physical Systems (CPS), domainspecific risk identification assessment procedures have been developed. Threat modelling is one of the most commonly used methods for threat identification for the security analysis of CPSoS and is capable of targeting various domains. This paper reports our experience of using a risk management framework identify the most critical security vulnerabilities in CPSoS in the domain and shows the broader impact this work can have on the domain of safety and security management. Moreover, we emphasize the application of common analytical methods for cyber-security based on international industry standards to identify the most vulnerable assets. These will be applied to a meta-model for automated railway systems in the concept phase to support the development and deployment of these systems. Furthermore, it is the first step to create a secure and standard complaint system by design.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

系统的网络物理系统的风险管理和标准遵从

物联网(IoT)和云技术越来越多地以网络物理系统(cpso)的形式应用于铁路部门。为了满足信息物理系统(CPS)的安全要求，开发了特定领域的风险识别评估程序。威胁建模是cpso安全分析中最常用的威胁识别方法之一，能够针对不同的领域。本文报告了我们使用风险管理框架的经验，确定了该领域cpso中最关键的安全漏洞，并展示了这项工作对安全和安全管理领域的更广泛影响。此外，我们强调基于国际行业标准的网络安全通用分析方法的应用，以识别最脆弱的资产。这些将在概念阶段应用于自动化铁路系统的元模型，以支持这些系统的开发和部署。此外，从设计上建立一个安全、规范的投诉系统是第一步。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Infocommunications Journal TELECOMMUNICATIONS-

CiteScore

1.90

自引率

27.30%

发文量