Security and Safety in Cyber-Physical System (CPS): An Inclusive Threat Model

Authors

  • Mardiana Mohamad Noor Malaysia-Japan Institute of Technology, Universiti Teknologi Malaysia, 54100 Kuala Lumpur, Malaysia
  • Ali Selamat Malaysia-Japan Institute of Technology, Universiti Teknologi Malaysia, 54100 Kuala Lumpur, Malaysia
  • Nurulakmar Abu Husain Malaysia-Japan Institute of Technology, Universiti Teknologi Malaysia, 54100 Kuala Lumpur, Malaysia
  • Ondrej Krejcar Hradec Kralove University, Rokitanského 62/26, 500 03 Hradec Králové 3, Czech Republic

DOI:

https://doi.org/10.37934/araset.40.2.176202

Keywords:

Internet of Things (IoT), Cyber Physical Systems (CPS) security, Issues in the Industrial Control Systems (ICS), Attacks to ICS, CPS threat model, Security and safety risk assessment

Abstract

A Cyber-Physical System (CPS) is a combination of computational algorithms and physical processes that are integrated together. CPS integrate computer and communication capabilities with the monitoring and management of physical parts, establishing a mutually beneficial interaction between the cyber and physical components. An Industrial Control System (ICS) is one example of a CPS; it integrates the physical (OT) and cyber (IT) domains, which makes it more vulnerable to attacks. Two essential characteristics of CPS are safety and security. Threat models are methods for identifying, analysing, and proposing security control countermeasures for threats and their capabilities. However, the threat modelling methods used for traditional IT systems are not sufficient, as they do not include the physical interactions, consequences and impacts on the safety aspects of Operational Technology (OT). On the other hand, a risk assessment analyses attack scenarios, examines cybersecurity from the attacker's point of view, and gives cost-benefit data to support expenditure on security measures. This study proposes an inclusive attacker-centric threat model and proactive risk assessment model for CPS using a Mamdani Fuzzy Inference System (FIS). The outcomes of the threat model prove that lateral propagation of the threat is possible and that a threat may also propagate from the CPS assets to the IT segment. The risk assessment using FIS showed that the safety and security risk for the CPS is significant and calculated as medium level. Hence, the risk factors that are considered in calculating the overall risk for a CPS need to be immediately addressed and mitigated.

Author Biographies

Mardiana Mohamad Noor, Malaysia-Japan Institute of Technology, Universiti Teknologi Malaysia, 54100 Kuala Lumpur, Malaysia

mardianamnoor@gmail.com

Ali Selamat, Malaysia-Japan Institute of Technology, Universiti Teknologi Malaysia, 54100 Kuala Lumpur, Malaysia

aselamat@utm.my

Nurulakmar Abu Husain, Malaysia-Japan Institute of Technology, Universiti Teknologi Malaysia, 54100 Kuala Lumpur, Malaysia

nurulakmar@utm.my

Ondrej Krejcar, Hradec Kralove University, Rokitanského 62/26, 500 03 Hradec Králové 3, Czech Republic

ondrej.krejcar@uhk.cz

Published

2024-02-28

Issue

Section

Articles