Traceable Security-by-Design Decisions for Cyber-Physical Systems (CPSs) by Means of Function-Based Diagrams and Security Libraries-Reference-Cited by-同舟云学术

Traceable Security-by-Design Decisions for Cyber-Physical Systems (CPSs) by Means of Function-Based Diagrams and Security Libraries

Published:2023-06-13 Issue:12 Volume:23 Page:5547
ISSN:1424-8220
Container-title:Sensors
language:en
Short-container-title:Sensors

Author:

Fluchs Sarah¹²^ORCID,Taştan Emre³,Trumpf Tobias⁴^ORCID,Horch Alexander⁴,Drath Rainer³,Fay Alexander¹^ORCID

Affiliation:

1. Institute of Automation, Helmut-Schmidt-University, 22043 Hamburg, Germany

2. admeritia GmbH, 40764 Langenfeld (Rheinland), Germany

3. Faculty of Technology, Pforzheim University, 75175 Pforzheim, Germany

4. HIMA Paul Hildebrandt GmbH, 68782 Brühl, Germany

Abstract

“Security by design” is the term for shifting cybersecurity considerations from a system’s end users to its engineers. To reduce the end users’ workload for addressing security during the systems operation phase, security decisions need to be made during engineering, and in a way that is traceable for third parties. However, engineers of cyber-physical systems (CPSs) or, more specifically, industrial control systems (ICSs) typically neither have the security expertise nor time for security engineering. The security-by-design decisions method presented in this work aims to enable them to identify, make, and substantiate security decisions autonomously. Core features of the method are a set of function-based diagrams as well as libraries of typical functions and their security parameters. The method, implemented as a software demonstrator, is validated in a case study with the specialist for safety-related automation solutions HIMA, and the results show that the method enables engineers to identify and make security decisions they may not have made (consciously) otherwise, and quickly and with little security expertise. The method is also well suited to make security-decision-making knowledge available to less experienced engineers. This means that with the security-by-design decisions method, more people can contribute to a CPS’s security by design in less time.

Funder

Bundesministerium für Bildung und Forschung

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Biochemistry,Instrumentation,Atomic and Molecular Physics, and Optics,Analytical Chemistry

Link

https://www.mdpi.com/1424-8220/23/12/5547/pdf

Reference67 articles.

1. Easterly, J., and Goldstein, E. (2023). Stop Passing the Buck on Cybersecurity: Why Companies Must Build Safety Into Tech Products. Foreign Aff., 102, Available online: https://www.foreignaffairs.com/united-states/stop-passing-buck-cybersecurity.

2. European Parliament/European Council (2023, April 01). Proposal for a Regulation on Horizontal Cybersecurity Requirements for Products with Digital Elements (COM/2022/454): Cyber Resilience Act (CRA). Available online: https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act.

3. Biden-Harris Administration (2023, April 01). National Cybersecurity Strategy, Available online: https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf.

4. CISA, NSA, FBI, ACSC, NCSC-UK, CCCS, BSI, NCSC-NL, CERT NZ, and NCSC-NZ (2023, April 25). Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default, Available online: https://www.cisa.gov/resources-tools/resources/secure-by-design-and-default.

5. Hollender, M. (2009). Collaborative Process Automation Systems, ISA.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Requirements Analysis for the Evaluation of Automated Security Risk Assessments;2024 IEEE 20th International Conference on Factory Communication Systems (WFCS);2024-04-17