Security and Privacy in Cyber-Physical Systems - E-Book

Description

Written by a team of experts at the forefront of the cyber-physical systems (CPS) revolution, this book provides an in-depth look at security and privacy, two of the most critical challenges facing both the CPS research and development community and ICT professionals. It explores, in depth, the key technical, social, and legal issues at stake, and it provides readers with the information they need to advance research and development in this exciting area. Cyber-physical systems (CPS) are engineered systems that are built from, and depend upon the seamless integration of computational algorithms and physical components. Advances in CPS will enable capability, adaptability, scalability, resiliency, safety, security, and usability far in excess of what today's simple embedded systems can provide. Just as the Internet revolutionized the way we interact with information, CPS technology has already begun to transform the way people interact with engineered systems. In the years ahead, smart CPS will drive innovation and competition across industry sectors, from agriculture, energy, and transportation, to architecture, healthcare, and manufacturing. A priceless source of practical information and inspiration, Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications is certain to have a profound impact on ongoing R&D and education at the confluence of security, privacy, and CPS.


Page count: 1004

Year of publication: 2017




Table of Contents

Cover

Title Page

Copyright

List of Contributors

Foreword

Preface

Acknowledgments

Chapter 1: Overview of Security and Privacy in Cyber-Physical Systems

1.1 Introduction

1.2 Defining Security and Privacy

1.3 Defining Cyber-Physical Systems

1.4 Examples of Security and Privacy in Action

1.5 Approaches to Secure Cyber-Physical Systems

1.6 Ongoing Security and Privacy Challenges for CPSs

1.7 Conclusion

References

Chapter 2: Network Security and Privacy for Cyber-Physical Systems

2.1 Introduction

2.2 Security and Privacy Issues in CPSs

2.3 Local Network Security for CPSs

2.4 Internet-Wide Secure Communication

2.5 Security and Privacy for Cloud-Interconnected CPSs

2.6 Summary

2.7 Conclusion and Outlook

Acknowledgments

References

Chapter 3: Tutorial on Information Theoretic Metrics Quantifying Privacy in Cyber-Physical Systems

3.1 Social Perspective and Motivation

3.2 Information Theoretic Privacy Measures

3.3 Privacy Models and Protection

3.5 Conclusion and Outlook

Appendix A Derivation of the Mutual Information Based on the KLD

Appendix B Derivation of the Mutual Information In Terms of Entropy

Appendix C Derivation of the Mutual Information Conditioned on

Appendix D Proof of Corollary 3.1

References

Chapter 4: Cyber-Physical Systems and National Security Concerns

4.1 Introduction

4.2 National Security Concerns Arising from Cyber-Physical Systems

4.3 National Security Implications of Attacks on Cyber-Physical Systems

4.4 Conclusion

References

Chapter 5: Legal Considerations of Cyber-Physical Systems and the Internet of Things

5.1 Introduction

5.2 Privacy and Technology in Recent History

5.3 The Current State of Privacy Law

5.4 Meeting Future Challenges

References

Chapter 6: Key Management in CPSs

6.1 Introduction

6.2 Key Management Security Goals and Threat Model

6.3 CPS Key Management Design Principles

6.4 CPS Key Management

6.5 CPS Key Management Challenges and Open Research Issues

6.6 Summary

References

Chapter 7: Secure Registration and Remote Attestation of IoT Devices Joining the Cloud: The Stack4Things Case of Study

7.1 Introduction

7.2 Background

7.3 Reference Scenario and Motivation

7.4 Stack4Things Architecture

7.5 Capabilities for Making IoT Devices Secure Over the Cloud

7.6 Adding Security Capabilities to Stack4Things

7.7 Conclusion

References

Chapter 8: Context Awareness for Adaptive Access Control Management in IoT Environments

8.1 Introduction

8.2 Security Challenges in IoT Environments

8.3 Surveying Access Control Models and Solutions for IoT

8.4 Access Control Adaptation: Motivations and Design Guidelines

8.5 Our Adaptive Context-Aware Access Control Solution for Smart Objects

8.6 Open Technical Challenges and Concluding Remarks

References

Chapter 9: Data Privacy Issues in Distributed Security Monitoring Systems

9.1 Information Security in Distributed Data Collection Systems

9.2 Technical Approaches for Assuring Information Security

9.3 Approaches for Building Trust in Data Collection Systems

9.4 Conclusion

References

Chapter 10: Privacy Protection for Cloud-Based Robotic Networks

10.1 Introduction

10.2 Cloud Robot Network: Use Case, Challenges, and Security Requirements

10.3 Establishment of Cloud Robot Networks

10.4 Communication Security

10.5 Security Management of Cloud Robot Networks

10.6 Related Work

10.7 Conclusion

References

Chapter 11: Toward Network Coding for Cyber-Physical Systems: Security Challenges and Applications

11.1 Introduction

11.2 Background on Network Coding and Its Applications

11.3 Security Challenges

11.4 Secure Network Coding

11.5 Applications of Network Coding in Providing Security

11.6 Conclusion

Acknowledgment

References

Chapter 12: Lightweight Crypto and Security

12.1 Introduction

12.2 Cyber-Physical Systems

12.3 Security and Privacy in Cyber-Physical Systems

12.4 Lightweight Cryptography Implementations for Security and Privacy in CPSs

12.5 Opportunities and Challenges

12.6 Conclusion

Acknowledgments

References

Chapter 13: Cyber-Physical Vulnerabilities of Wireless Sensor Networks in Smart Cities

13.1 Introduction

13.2 WSN Applications in Smart Cities

13.3 Cyber-Physical Vulnerabilities

13.4 Solution Approaches

13.5 Conclusion

Acknowledgment

References

Chapter 14: Detecting Data Integrity Attacks in Smart Grid

14.1 Introduction

14.2 Literature Review

14.3 Network and Threat Models

14.4 Our Approach

14.5 Performance Evaluation

14.6 Extension

14.7 Conclusion

References

Chapter 15: Data Security and Privacy in Cyber-Physical Systems for Healthcare

15.1 Introduction

15.2 Medical Cyber-Physical Systems

15.3 Data Security and Privacy Issues and Challenges in WBANs

15.4 Existing Security and Privacy Solutions in WBAN

15.5 Conclusion

References

Chapter 16: Cyber Security of Smart Buildings

16.1 What Is a Smart Building?

16.2 Communication Protocols for Smart Buildings

16.3 Attacks

16.4 Solutions to Protect Smart Buildings

16.5 Recent Trends in Smart Building Security Research

16.6 Conclusion and Outlook

References

Chapter 17: The Internet of Postal Things: Making the Postal Infrastructure Smarter

17.1 Introduction

17.2 Scoping the Internet of Postal Things

17.3 Identifying Internet of Postal Things Applications

17.4 The Future of IoPT

17.5 Conclusion

References

Chapter 18: Security and Privacy Issues in the Internet of Cows

18.1 Precision Livestock Farming

18.2 Security and Privacy of IoT in Agriculture

18.3 Conclusion

References

Chapter 19: Admission Control-Based Load Protection in the Smart Grid

19.1 Introduction

19.2 Related Work

19.3 Our Approach

19.4 Performance Evaluation

19.5 Conclusion

References

Editor Biographies

Index

End User License Agreement

List of Illustrations

Chapter 1: Overview of Security and Privacy in Cyber-Physical Systems

Figure 1.1 Security attack points in CPSs.

Figure 1.2 How information and physical-security principles support each other. Straight lines without arrows show two-way relationships. Curved lines with arrows show one-way relationships where the principle at the tail supports or enables the principle at the arrowhead. Dashed lines imply inverse relationships. (a) Confidentiality, (b) integrity, (c) availability, and (d) authentication and nonrepudiation.

Figure 1.3 Mapping example security mechanisms (rows) to information security principles and physical-security controls they enable (columns).

Chapter 3: Tutorial on Information Theoretic Metrics Quantifying Privacy in Cyber-Physical Systems

Figure 3.1 Scenario: A distributed sensor network with different locations and routes.

Chapter 6: Key Management in CPSs

Figure 6.1 Cyber-physical system architecture.

Figure 6.2 Abstraction of CPS.

Figure 6.3 CPS attack model.

Figure 6.4 Key hierarchy.

Figure 6.5 Structure of a SCADA system.

Chapter 7: Secure Registration and Remote Attestation of IoT Devices Joining the Cloud: The Stack4Things Case of Study

Figure 7.1 Reference scenario.

Figure 7.2 Stack4Things overall architecture, in the case of Arduino YUN-like boards.

Figure 7.3 Stack4Things board-side architecture.

Figure 7.4 Stack4Things Cloud-side architecture.

Figure 7.5 Arduino YUN hardware architecture.

Chapter 10: Privacy Protection for Cloud-Based Robotic Networks

Figure 10.1 A robot-supported product management system for a department store's individual shops.

Figure 10.2 Doctrine – Abstract community description.

Figure 10.3 Community member management based on ABE scheme.

Figure 10.4 The protocol for bootstrapping cloud robot communities.

Figure 10.5 The protocol for joining an existing community.

Figure 10.6 A participant notifies the administrator about its intention of departure.

Figure 10.7 The protocol to notify the administrator when a particular service is detected to be unavailable within the community.

Figure 10.8 The protocol for service access control where a client broadcasts to multiple servers simultaneously.

Figure 10.9 The protocol for service access control where a server broadcasts to multiple clients simultaneously.

Chapter 11: Toward Network Coding for Cyber-Physical Systems: Security Challenges and Applications

Figure 11.1 Network coding in wired networks. Butterfly network.

Figure 11.2 Network coding in wireless networks.

Figure 11.3 Network coding in wireless networks, COPE method.

Figure 11.4 Link loss rate inference [13, 31].

Figure 11.5 Classification of eavesdroppers. (a) Malicious or non-malicious. (b) External or internal.

Figure 11.6 Encrypting coefficients of coded packets instead of encrypting the original packets.

Figure 11.7 Encrypting coefficients of coded packets in the case of multilayer videos.

Figure 11.8 P-coding scheme [57, 58]. Combining network coding and permutation to provide security.

Figure 11.9 Secret key distribution using network coding [32, 61]. Here, and are the identifiers of nodes and , respectively. Also, and are the messages that should be transferred securely from nodes and to each other. The encrypted messages with keys and are represented as and , respectively.

Chapter 12: Lightweight Crypto and Security

Figure 12.1 Trade-offs between security, cost, and performance.

Chapter 13: Cyber-Physical Vulnerabilities of Wireless Sensor Networks in Smart Cities

Figure 13.1 The characteristics of a smart city.

Figure 13.2 WSN applications in a smart home.

Figure 13.3 A WSN for substation monitoring.

Figure 13.4 A summary of WSN applications in the ITS.

Figure 13.5 A conceptual depiction of RTMSA.

Figure 13.6 Cyber-physical interactions and threats.

Chapter 14: Detecting Data Integrity Attacks in Smart Grid

Figure 14.1 Network model.

Figure 14.2 Framework.

Figure 14.3 Load-altering attack.

Figure 14.4 Monitored data under different attack scenarios.

Figure 14.5 Workflow for machine learning-based detection.

Figure 14.6 Workflow of sequential hypothesis testing-based detection.

Figure 14.7 Simulation model.

Figure 14.8 Samples of monitored data.

Figure 14.9 Detection rate versus attack strength.

Figure 14.10 False positive rate versus threshold.

Figure 14.11 Detection rate versus threshold (voltage).

Figure 14.12 Detection rate versus threshold (power).

Figure 14.13 Detection results of machine learning-based detection.

Figure 14.14 False positive rate versus threshold: (a) voltage and (b) power.

Figure 14.15 Detection rate versus detection time: (a) voltage and (b) power.

Chapter 15: Data Security and Privacy in Cyber-Physical Systems for Healthcare

Figure 15.1 A WBAN architecture with sensor nodes, coordinator, gateways and APs.

Figure 15.2 All types of interference in WBANs, consisting of the co-existence of another WBAN, Bluetooth devices, ZigBee devices, microwave oven, WiFi access point, walkie-talkie, and baby monitors.

Chapter 16: Cyber Security of Smart Buildings

Figure 16.1 Example of a smart building with its components.

Figure 16.2 An example of KNX topology using all possible media: twisted pair (solid black), power line (dotted), radio frequency, and IP (dashed gray). Two areas (1 and 2) are visible, with some devices directly on the main line of each area (e.g., devices 1.0.1, 1.0.62) and some devices connected via a line coupler (e.g., devices 1.1.1 and 1.1.64). One line (2.1) in area 2 is extended using a line repeater (2.1.64). Up to three line repeaters can be placed on the same line, allowing a maximum of 252 end devices on one line.

Figure 16.3 The structure of KNX telegrams. The address consists of source and destination address (each 2 bytes), together with one byte of address control bits.

Figure 16.4 The structure of a BACnet MS/TP frame (above) and BACnet/IP frame (below). The MS/TP preamble has a fixed value 0x55FF. The padding is optional and has a fixed value of 0xFF when used. The data portion is present only if the length is nonzero. For BACnet/IP, the presence of Network layer Protocol Data Unit (NPDU) and Application layer Protocol Data Unit (APDU) is determined by the control octet, which is the first octet of the NPDU portion of the frame.

Figure 16.5 Example of a complex BACnet/IP Network Layout. Devices on each BACnet/IP network segment cannot directly send broadcast messages to other segments. Instead, the broadcasts are handled by the BBMDs, exactly one of which has to be present on each network segment.

Chapter 17: The Internet of Postal Things: Making the Postal Infrastructure Smarter

Figure 17.1 Key IoPT applications. Source: USPS Office of Inspector General and IBM analysis.

Figure 17.2 The potential uses of a connected mailbox. Source: USPS Office of Inspector General and IBM analysis.

Figure 17.3 The four phases of the industrial Internet evolution. Source: Adapted from World Economic Forum (2015, p. 8).

Chapter 18: Security and Privacy Issues in the Internet of Cows

Figure 18.1 Precision livestock farming control loop for a single biochemical process. Adapted from (Berckmans, 2006).

Figure 18.2 RFID ear tag system.

Figure 18.3 Consolidation of the beef (a) and dairy (b) industries into larger concerns; beef cattle data include feedlots. Source: USDA, Economic Research Service, compiled from Census of Agriculture data (https://www.agcensus.usda.gov).

Chapter 19: Admission Control-Based Load Protection in the Smart Grid

Figure 19.1 A power grid simulation model.

Figure 19.2 Load shedding algorithm based on load's priority.

Figure 19.3 Load shedding queue: smallest load first.

Figure 19.4 Load shedding queue: largest load first.

Figure 19.5 Load shedding queue: priority-based shedding.

Figure 19.6 Load shedding queue: fair priority-based shedding.

Figure 19.7 Total load in normal operation.

Figure 19.8 Total load in overload condition.

Figure 19.9 Brutal load admission control.

Figure 19.10 Power generation for load-size-based shedding.

Figure 19.11 Loads status in load-size-based shedding: smallest load first.

Figure 19.12 Loads status in load-size-based shedding: largest load first.

Figure 19.13 Power generation for priority-based shedding.

Figure 19.14 Loads status in priority-based shedding: incoming load with priority 2.

Figure 19.15 Loads status for priority-based load shedding.

Figure 19.16 Loads status for fair priority-based load shedding.

Figure 19.17 Power generation for fair priority-based load shedding.

List of Tables

Chapter 3: Tutorial on Information Theoretic Metrics Quantifying Privacy in Cyber-Physical Systems

Table 3.1 Example: The left-hand side Table shows the true data and the right-hand side gives the data after anonymization

Table 3.2 Example: -anonymity with

Table 3.3 Overview of additional anonymization approaches beyond -anonymity

Table 3.4 Home ZIP codes are anonymized by using 3-anonymity

Table 3.5 Work ZIP codes are anonymized by using 3-anonymity

Chapter 6: Key Management in CPSs

Table 6.1 CPS key management design principles

Table 6.2 Public key cryptography: average ECC and RSA execution times

Table 6.3 Public key cryptography: average energy costs of digital signature and key exchange computations (mJ)

Table 6.4 Symmetric key cryptography: average RC5 and Skipjack execution times

Table 6.5 Symmetric key cryptography: average energy numbers for AES and SHA-1

Chapter 10: Privacy Protection for Cloud-Based Robotic Networks

Table 10.1 The specification of pReferences

Table 10.2 CP-ABE private keys assigned to each robot in a shop's private community

Table 10.3 ABE challenge encryption policy for service access control within a shop's private community

Table 10.4 ABE challenge encryption policy for service access control within the department store's global community

Chapter 11: Toward Network Coding for Cyber-Physical Systems: Security Challenges and Applications

Table 11.1 Classification of network coding applications

Table 11.2 Classification of the attacks in network coding

Chapter 13: Cyber-Physical Vulnerabilities of Wireless Sensor Networks in Smart Cities

Table 13.1 Summary of common physical-attacks

Table 13.2 Summary of common cyber-attacks

Chapter 16: Cyber Security of Smart Buildings

Table 16.1 Comparison of the various aspects of the BAS communication protocols

Chapter 17: The Internet of Postal Things: Making the Postal Infrastructure Smarter

Table 17.1 Number of postal “things.”

Table 17.2 The potential annual dollar value of select short-term IoPT applications

Security and Privacy in Cyber-Physical Systems

Foundations, Principles, and Applications

 

Edited by

Houbing Song

Embry-Riddle Aeronautical University Daytona Beach, FL, US

 

Glenn A. Fink

Pacific Northwest National Laboratory Richland, WA, US

 

Sabina Jeschke

RWTH Aachen University Aachen, GM

 

 

 

This edition first published 2018

© 2018 John Wiley & Sons Ltd

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

The right of Houbing Song, Glenn A. Fink and Sabina Jeschke to be identified as the Editors of the editorial material in this work has been asserted in accordance with law.

Registered Offices

John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA

John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK

Editorial Office

The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.

Wiley also publishes its books in a variety of electronic formats and by print-on-demand. Some content that appears in standard print versions of this book may not be available in other formats.

Limit of Liability/Disclaimer of Warranty

While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

Library of Congress Cataloging-in-Publication Data

Names: Song, Houbing, editor. | Fink, Glenn A., editor. | Jeschke, Sabina, editor.

Title: Security and privacy in cyber-physical systems : foundations, principles, and applications / edited by Houbing Song, Glenn A. Fink, Sabina Jeschke.

Description: First edition. | Chichester, UK ; Hoboken, NJ : John Wiley & Sons, 2017. | Includes bibliographical references and index. |

Identifiers: LCCN 2017012503 (print) | LCCN 2017026821 (ebook) | ISBN 9781119226055 (pdf) | ISBN 9781119226062 (epub) | ISBN 9781119226048 (cloth)

Subjects: LCSH: Computer networks-Security measures. | Data protection.

Classification: LCC TK5105.59 (ebook) | LCC TK5105.59 .S43923 2017 (print) | DDC 005.8-dc23

LC record available at https://lccn.loc.gov/2017012503

Hardback: 9781119226048

Cover design: Wiley

Cover image: © fztommy/Shutterstock

List of Contributors

Amber Adams-Progar

Department of Animal Sciences

Washington State University

USA

 

David W. Archer

Galois, Inc.

USA

 

Gerd Ascheid

Institute for Communication Technologies and Embedded Systems

RWTH Aachen University

Aachen

Germany

 

Naim Bajcinca

University of Kaiserslautern

Kaiserslautern

Germany

 

Paolo Bellavista

Computer Science and Engineering Department (DISI)

University of Bologna

Bologna

Italy

 

Aida Čaušević

Mälardalen University

Västerås

Sweden

 

Antonio Celesti

Department of Engineering

University of Messina

Messina

Italy

 

Cary E. Crawford

Oak Ridge National Laboratory

Nuclear Science and Engineering Directorate

USA

 

Guido Dartmann

Environmental Campus Birkenfeld

University of Applied Sciences Trier

Hoppstädten-Weiersbach

Germany

 

Mehmet Ö. Demir

Faculty of Electrical and Electronics Engineering

Istanbul Technical University

Istanbul

Turkey

 

Jean Philippe Ducasse

Digital and Global Team

U.S. Postal Service Office of Inspector General

Arlington, VA

USA

 

Thomas W. Edgar

Pacific Northwest National Laboratory

National Security Directorate

USA

 

Maria Fazio

Department of Engineering

University of Messina

Messina

Italy

 

Glenn A. Fink

Pacific Northwest National Laboratory

National Security Directorate

USA

 

Hossein Fotouhi

Mälardalen University

Västerås

Sweden

 

Linqiang Ge

Department of Computer Science

Georgia Southwestern State University

USA

 

Nada Golmie

Wireless Network Division

National Institute of Standards and Technology

USA

 

David Griffith

Wireless Network Division

National Institute of Standards and Technology

USA

 

Md. Mahmud Hasan

School of Electrical Engineering and Computer Science

University of Ottawa

Ottawa, ON

Canada

 

Martin Henze

Communication and Distributed Systems

RWTH Aachen University

Aachen

Germany

 

Jens Hiller

Communication and Distributed Systems

RWTH Aachen University

Aachen

Germany

 

Christopher M. Hoxie

Georgetown University School of Law

Washington, DC

USA

 

René Hummen

Communication and Distributed Systems

RWTH Aachen University

Aachen

Germany

 

Jiong Jin

School of Software and Electrical Engineering

Swinburne University of Technology

Melbourne

Australia

 

Jaspreet Kaur

Department of Cyber Security

Fraunhofer FKIE

Bonn

Germany

 

Sye L. Keoh

School of Computing Science

University of Glasgow

Glasgow

UK

 

Hajoon Ko

Harvard John A. Paulson School of Engineering and Applied Sciences

Harvard University

Cambridge, MA

USA

 

Alexandra Kobekova

Department of Cyber Security

Fraunhofer FKIE

Bonn

Germany

 

Jeff Kosseff

Cyber Science Department

United States Naval Academy

Annapolis, MD

USA

 

Gunes K. Kurt

Faculty of Electrical and Electronics Engineering

Istanbul Technical University

Istanbul

Turkey

 

Hendrik Laux

Institute for Communication Technologies and Embedded Systems

RWTH Aachen University

Aachen

Germany

 

Don Llewellyn

Washington State University

Benton County Extension

USA

 

Francesco Longo

Department of Engineering

University of Messina

Messina

Italy

 

Volker Lücken

Institute for Communication Technologies and Embedded Systems

RWTH Aachen University

Aachen

Germany

 

Kristina Lundqvist

Mälardalen University

Västerås

Sweden

 

Douglas G. MacDonald

Pacific Northwest National Laboratory

National Security Directorate

USA

 

Sriharsha Mallapuram

Department of Computer & Information Sciences

Towson University

Maryland

USA

 

Roman Matzutt

Communication and Distributed Systems

RWTH Aachen University

Aachen

Germany

 

Jeffery A. Mauth

National Security Directorate

Pacific Northwest National Laboratory

USA

 

Giovanni Merlino

Department of Engineering

University of Messina

Messina

Italy

 

Rebecca Montanari

Computer Science and Engineering Department (DISI)

University of Bologna

Bologna

Italy

 

Hussein T. Mouftah

School of Electrical Engineering and Computer Science

University of Ottawa

Ottawa, ON

Canada

 

Paul Moulema

Department of Computer and Information Technology

Western New England University

USA

 

Jason Nikolai

College of Computing

Dakota State University

Madison, SD

USA

 

Pouya Ostovari

Department of Computer and Information Sciences

Temple University

Philadelphia, PA

USA

 

Paola Piscioneri

Digital and Global Team

U.S. Postal Service Office of Inspector General

Arlington, VA

USA

 

Antonio Puliafito

Department of Engineering

University of Messina

Messina

Italy

 

Jessica Raines

Digital and Global Team

U.S. Postal Service Office of Inspector General

Arlington, VA

USA

 

Theora R. Rice

Pacific Northwest National Laboratory

National Security Directorate

USA

 

Alan C. Rither

Pacific Northwest National Laboratory

operated by Battelle Memorial Institute for the United States Department of Energy

Richland, WA

USA

 

David Su

Wireless Network Division

National Institute of Standards and Technology

Maryland

USA

 

Hala Tawalbeh

Computer Engineering Department

Jordan University of Science and Technology

Irbid

Jordan

 

Lo'ai A. Tawalbeh

Computer Engineering Department

Umm Al-Qura University

Makkah

Saudi Arabia

and

Computer Engineering Department

Jordan University of Science and Technology

Irbid

Jordan

 

Jernej Tonejc

Department of Cyber Security

Fraunhofer FKIE

Bonn

Germany

 

Ely Walker

Department of Animal Sciences

Washington State University

USA

 

Yong Wang

College of Computing

Dakota State University

Madison, SD

USA

 

Klaus Wehrle

Communication and Distributed Systems

RWTH Aachen University

Aachen

Germany

 

Steffen Wendzel

Department of Cyber Security

Fraunhofer FKIE

Bonn

Germany

 

Jie Wu

Department of Computer and Information Sciences

Temple University

Philadelphia, PA

USA

 

Guobin Xu

Department of Computer Science and Information Technologies

Frostburg State University

USA

 

Wei Yu

Department of Computer and Information Sciences

Towson University

USA

 

Martina Ziefle

Human-Computer Interaction Center

RWTH Aachen University

Aachen

Germany

 

Jan H. Ziegeldorf

Communication and Distributed Systems

RWTH Aachen University

Aachen

Germany

Foreword

Over the past years, my students and I have been looking for a reference book that can provide comprehensive knowledge on security and privacy issues in cyber-physical systems (CPSs). Our fruitless search did not make us feel disappointed as we understand that the subject areas are full of unique challenges stemming from various application domains such as healthcare, smart grids, and smart homes, making nonexistent the “one-size-fits-all” type of solutions, and that the integration of “cyber” and “physical” worlds opens the doors for insidious and smart attackers to manipulate extraordinarily, leading to new cyber-attacks and defense technologies other than those originated from the traditional computer and network systems.

Thanks to this book edited by three distinguished scholars in cybersecurity and privacy, we finally get access to first-hand and state-of-the-art knowledge in security and privacy of CPSs. Dr. Houbing Song brings his multidisciplinary background spanning communications and networking, signal processing and control. He has worked on authentication, physical layer security, and differential privacy, and their applications in transportation, healthcare, and emergency response. Dr. Glenn A. Fink is a cybersecurity researcher who specializes in bioinspired security and privacy technologies. He has worked for the US government on a variety of military and national security projects. Dr. Sabina Jeschke is an expert in Internet of Things (IoT) and AI-driven control technologies in distributed systems. She has worked on safeguarding the reliability and trustworthiness of cyber manufacturing systems.

The term “cyber-physical systems,” CPSs in short, was coined 10 years ago (in 2006) by several program officers at the National Science Foundation (NSF) in the United States. According to the NSF CPS program solicitation, CPS is defined to be “engineered systems that are built from, and depend upon, the seamless integration of computational algorithms and physical components.” It is strongly connected to the popular term IoT, which emphasizes the implementation more than the foundations of the conjoining of our physical and information worlds. One can use three words to summarize CPS as “connected,” “sensing,” and “control,” corresponding to the three intermingled aspects of CPSs: the physical world itself is connected via networking technologies and it is integrated with the cyberspace via sensing and control, typically forming a closed loop. Just like the Internet, which has been suffering from various attacks from the very beginning (an early warning of intrusion was raised in 1973, only 4 years after ARPANET was built), the system vulnerabilities of CPSs can be easily exploited maliciously, threatening the safety, efficiency, and service availability of CPSs.

Security and privacy are the most critical concerns that may hinder the wide deployment of CPSs if not properly addressed, as highlighted in the Federal Cybersecurity Research and Development Strategic Plan (RDSP) and the National Privacy Research Strategy (NPRS) released by the National Science and Technology Council (NSTC) in 2016. The connected physical world suffers from not only the attacks targeting today's networked systems but also new ones such as sensitive device (e.g., a controller of a power plant) discovery; the fine-grained, heterogeneous, and massive sensing data are vulnerable to various inference attacks, causing privacy disclosure and data safety violations; and the control signals can be manipulated to launch various attacks such as the device state inference attack, leading to system instability. Therefore, any effort toward securing the emerging CPSs and protecting their data privacy is of paramount importance. Nevertheless, to the larger CPS community, building economically successful CPSs seems to be the priority, since traditionally security and privacy issues can be resolved via patching. This obviously is inappropriate as security and privacy protection must be considered from the very beginning when building a CPS – an important lesson we have learned from the evolution of the Internet. To educate today's CPS engineers as well as the next-generation CPS players, materials summarizing the state-of-the-art techniques and potential challenges in security and privacy of CPS are desperately needed.

This timely book provides a comprehensive overview on security and privacy of CPSs. It positions itself uniquely from the following aspects based on its contents/technical contributions:

It is the most far-ranging one that covers all-around knowledge of CPS cyber-attacks and defenses, from both technical and policy/operational perspectives, making it suitable for all readers with diverse backgrounds and interests.

It stresses the importance of privacy protection in CPSs, covering privacy-preserving algorithms and privacy metrics for modern CPS and IoT applications.

It addresses the impact of security and privacy on the quality of data in CPSs, which is strongly related to the system performance and user experience.

It covers traditional CPSs such as smart grids and smart cities as well as emerging CPSs such as postal infrastructures and precision agriculture, investigating their unique cybersecurity challenges and trade-offs between service availability and security.

This book contains 19 self-contained chapters authored by experts in academia, industry, and government. By reading this book, readers can gain thorough knowledge on security and privacy in CPSs, preparing them for furthering their in-depth security and privacy research, enhancing the attack resistance of their own CPS, and enabling them to identify and defend potential security violations and system vulnerabilities.

Xiuzhen (Susan) Cheng, Professor, IEEE Fellow, Department of Computer Science, The George Washington University

Preface

The idea of automation is as old as mankind and has produced a wide range of artifacts from simple tools to complex robotic control systems. In the 1940s, work-saving machinery began to evolve from the purely mechanical to information systems, starting with the birth of computers and the emerging discipline of cybernetics. The idea behind cybernetics was to have machines conduct sensing and control operations that exceeded human capabilities for warfare applications. Robotics (machines to semiautonomously manipulate the physical world) was the natural outgrowth of this field of inquiry. In the 1960s, the Internet was conceived, bringing new ways for humans to communicate worldwide across computer networks. The blending of mechanical power, information processing, and global communications was perhaps inevitable, but the applications and implications of this merger are yet to be fully understood.

Cyber-physical systems (CPSs) are engineered systems that are built from, and depend upon, the seamless integration of sensing, computation, control, and networking in physical objects and infrastructures. This integration of communication, sensing, and control is enabling highly adaptable, scalable, resilient, secure, and usable applications whose capabilities far exceed stand-alone embedded systems. The CPS revolution is transforming the way people interact with engineered systems and is driving innovation and competition in sectors such as agriculture, energy, transportation, building design and automation, healthcare, and manufacturing.

The number of Internet-connected devices already outnumbers the human population of the planet. By 2020, some expect the number of these devices to exceed 50 billion. Many of these devices are CPSs that control automobiles, airplanes, appliances, smart electric grids, dams, industrial systems, and even multinational infrastructures such as pipelines, transportation, and trade. This trend toward distributed systems of Internet-connected smart devices has recently accelerated with the rise of the Internet of Things (IoT) as its backbone. A goal of the IoT is to connect any device to any other at any time via any protocol from anywhere in the world. Today this goal is only partially realized.

CPS technologies blur the lines between infrastructural and personal spaces. This blurring is being engineered into the IoT where personal CPSs (such as phones, appliances, and automobiles) bearing personal data can reach up into public infrastructures to access services. Infrastructural technologies such as smart roads, e-government, and city services have become personal by providing private portals into public services. Thus, personal technologies, enabled by the IoT, have vastly extended the scope of critical infrastructures and even created new ones. Unlike the embedded systems of a decade ago, modern CPSs incorporate components from different providers using interface standards that specify communication protocols and physical operation requirements.

While a CPS can be thought of as a blend of cybernetics and telecommunications, every CPS is much greater than the sum of its parts. The cyber and physical components cannot be analyzed separately. Malfunctions in the software portion of the system may cause unexpected physical behaviors. Unanticipated physical sensations may trigger untested parts of the system software. Beyond cyber or physical failures, problems can arise from communications between devices that are allowed to interact in ways that will be harmful or allow sensitive data to fall into the wrong hands. Further, a CPS typically involves real-time sensing and human operators who make their decisions informed by real-time data. Thus, humans, too, can be a major source of failure in these complex systems. Holistic system analysis is critical to ensure security, integrity, and conformance to the expected behavior profile.

The blended nature of CPSs simultaneously offers new uses of technology and enables new abuses of it. The increasing intelligence and awareness of physical devices such as medical devices, cars, houses, and utilities can dramatically increase the adverse consequences of misuse. Cybersecurity and privacy have emerged as major concerns in human rights, commerce, and national security that affect individuals, governments, and society as a whole. New degrees of connectivity between personal and infrastructural systems can result in leakage of personal data producing serious privacy concerns. Integration with private devices may threaten infrastructure by expanding its attack surface. CPSs are subject to security threats that exploit their increased complexity and connectivity to critical infrastructure systems and may introduce new societal risks to economy, public safety, and health. Some of these concerns are “existential threats” to individual lives and society. The potentially global nature of CPSs has produced a need for trust in cyber-physical (and other) systems that transcend national regulatory authorities.

To address these cybersecurity and privacy challenges, novel, transformative, and multidisciplinary approaches are needed at the confluence of cybersecurity, privacy, and CPSs. We are at a critical juncture where the growth and ubiquity of CPSs is accelerating exponentially. We must understand these systems and engineer them thoughtfully to prevent anticipated and unknown problems.

The purpose of the book is to help readers expand and refine their understanding of the key technical, social, and legal issues at stake, to understand the range of technical issues affecting hardware and software in infrastructure components, and to assess the impacts of the blended nature of these systems on individuals, infrastructures, and society. Especially, this book will present the state of the art and the state of the practice of how to address a number of unique security and privacy challenges facing CPSs including the following:

1. The irreversible nature of the interactions of CPSs with the physical world

2. The rapidly increasing scale of deployment

3. The amalgamated nature of CPS-enabled infrastructures

4. The deep embedding and long projected lifetimes of CPS components

5. The interaction of CPSs with users at different scales, degrees of control, and expertise levels

6. The economic and policy constraints that are needed to govern CPS design and deployment

7. The accelerated degree of sensing and collection of information related to a large range of everyday human activities

8. The asymmetric ability of adversaries to attack physical-world targets through cyber means and vice versa.

This edited book aims at presenting the scientific foundations and engineering principles needed to ensure cybersecurity and privacy in CPSs in general and in various innovative domain-specific applications. The reader will gain an understanding of how the principles of security and privacy must be rethought for Internet-connected CPSs. Our hope is that this book will enhance the capability of the technical workforce to understand the less obvious implications of CPSs and to improve civil and economic security.

This book will challenge the research community to advance research and education at the confluence of security, privacy, and CPSs and to transition its findings into engineering practice. However, our desire is to provide useful information even for readers without any prior domain knowledge. Thus, most chapters are in tutorial/survey style. We anticipate many of our readers will be involved in research and development of technologies to better the lives of others, and, thus, they would be interested to gain an understanding of the security and privacy implications of their work. We also address the CPS design workforce and aim to provide an important source of comprehensive foundations and principles of cybersecurity and privacy as it applies to CPSs. Toward these goals, this book is organized into three parts: Foundations, Principles, and Applications.

Part 1 is composed of six chapters. In addition to presenting an overview of the opportunities and challenges of cybersecurity and privacy (Chapter 1), this part presents scientific foundations of cybersecurity and privacy in various subdomains, including networks (Chapter 2), information theory (Chapter 3), national security (Chapter 4), legal aspects (Chapter 5), and cryptographic key management (Chapter 6).

Part 2 is composed of six chapters. This part presents engineering principles of cybersecurity and privacy as applied to the IoT (Chapter 7), access control (Chapter 8), privacy (Chapters 9 and 10), network coding (Chapter 11), and lightweight cryptography (Chapter 12).

Part 3 is composed of seven chapters. This part presents application areas of CPSs along with domain-specific cybersecurity and privacy recommendations. The several diverse application areas include smart cities (Chapter 13), energy (Chapters 14 and 19), healthcare (Chapter 15), building design and automation (Chapter 16), postal infrastructure (Chapter 17), and agriculture (Chapter 18).

This book presents a collection of research results and real-world deployment experiences that provide examples of CPSs across multiple sectors of society. It is our desire that our book would illustrate not only the state of the art and practice in cybersecurity and privacy for CPSs but also the foundations and principles of CPS security and privacy that will educate and prepare designers of these technologies to meet societal desires and needs safely. Our hope is that by reading this book you, the reader, will be better equipped to shape our world with these new technologies in a way that enhances safety, security, and privacy for all.

July 2016

Houbing Song, Daytona Beach, Florida, USA

Glenn A. Fink, Richland, Washington, USA

Sabina Jeschke, Aachen, Germany

Acknowledgments

This book would not have been possible without the help of many people. First, we would like to thank all the contributors and reviewers of the book from all over the world. We would also like to thank our editorial assistants, Wendy M. Maiden and Katherine E. Wolf, both at Pacific Northwest National Laboratory, and Ruth Hausmann, Alicia Dröge and Pia Bresenitz, at RWTH Aachen University, who provided essential support at all stages of the editorial process of the book. Also we would like to thank Preethi Belkese and Sandra Grayson, at Wiley, who shepherded us through the book-editing process. Finally, we would like to acknowledge the support of the Cluster of Excellence Integrative Production Technology for High-Wage Countries at RWTH Aachen University, German Research Foundation, and German Federation of Industrial Research Associations – AiF.

Special thanks go out to the following reviewers:

Mohammed Aazam (Jinnah University, Islamabad)

Syed Hassan Ahmed (Kyungpook National University)

David Archer (Galois)

Lane Arthur (John Deere)

Safdar H. Bouk (Kyungpook National University)

Ismail Butun (Bursa Technical University)

Zhi Chen (Arkansas Tech University)

Michael Crouse (Harvard University)

Qinghe Du (Xi'an Jiaotong University)

Melike Erol-Kantarci (University of Ottawa)

Glenn Fink (Pacific Northwest National Laboratory)

Errin Fulp (Wake Forest University)

Carlos Gómez Gallego (Aruba, a Hewlett Packard Enterprise Company)

Jon Green (Aruba, a Hewlett Packard Enterprise)

Hudson Harris (ADAPT of America, Inc.)

Arlett Hart (US Federal Bureau of Investigation)

Md. Mahmud Hasan (University of Ottawa)

Martin Henze (RWTH Aachen University)

Yu Jiang (Tsinghua University)

Burak Kantarci (University of Ottawa)

Wenjia Li (New York Institute of Technology)

Chi Lin (Dalian University of Technology)

Jaime Lloret (Universidad Politecnica de Valencia)

Rongxing Lu (Nanyang Technological University)

Volker Lücken (RWTH Aachen University)

Kevin Nesbitt (US Federal Bureau of Investigation)

Kaoru Ota (Muroran Institute of Technology)

Antonio Puliafito (Università Degli Studi Di Messina)

Devu Manikantan Shila (United Technologies Research Center)

Mohammad Shojafar (University Sapienza of Rome)

Siddharth Sridhar (Pacific Northwest National Laboratory)

Eric Swanson (Cisco)

Lo'ai A. Tawalbeh (Umm Al-Qura University)

Hasan Tercan (RWTH Aachen University)

Huihui Wang (Jacksonville University)

Steve Weingart (Aruba, a Hewlett Packard Enterprise Company)

Justin Wolf (Cisco)

Katherine Wolf (Pacific Northwest National Laboratory)

Guobin Xu (Frostburg State University)

Wei Yu (Towson University)

Chapter 1 Overview of Security and Privacy in Cyber-Physical Systems

Glenn A. Fink¹, Thomas W. Edgar¹, Theora R. Rice¹, Douglas G. MacDonald¹ and Cary E. Crawford²

¹Pacific Northwest National Laboratory, National Security Directorate, USA

²Oak Ridge National Laboratory, Nuclear Science and Engineering Directorate, USA

1.1 Introduction

Cyber-physical systems (CPSs) are broadly used across technology and industrial domains to enable process optimization and previously unachievable functionality. However, CPSs have been key targets in some of the most highly publicized security breaches over the last decade. Neither cyber- nor physical-security concepts alone can protect CPSs because the complex interdependencies and crossover effects can introduce unexpected vulnerabilities: Physical attacks may damage or compromise the information system on the device, and cyber-attacks can cause physical malfunctions. Because of the many critical applications where CPSs are employed, either kind of attack can result in dire real-world consequences. As a result, security and privacy must be key concerns for CPS design, development, and operation.

In this chapter, we discuss CPSs from a security perspective. We explain classical information and physical-security fundamentals in the context of CPSs deployed across application domains. We give examples where the interplay of functionality and diverse communication can introduce unexpected vulnerabilities and produce larger impacts. We discuss how CPS security and privacy are inherently different from pure cyber or physical systems and what may be done to secure these systems, considering their emergent cyber-physical properties. Finally, we discuss security and privacy implications when infrastructural and personal CPSs merge. While helping the general users cope with the risks inherent in existing products is important, our goal is to help designers of emerging CPSs to build more secure, privacy-enhanced products in the future by incorporating lessons learned from the recent past and present.

1.2 Defining Security and Privacy

Before we can discuss security and privacy of CPSs, it is crucial to understand the definitions and intricacies of the terms. Security is a set of measures to ensure that a system will be able to accomplish its goal as intended, while mitigating unintended negative consequences. When features are added to a system, security is applied to ensure that the additions neither compromise intended functionality nor introduce new attack vectors.

The National Institute of Standards and Technology (NIST) defines privacy as “Assurance that the confidentiality of, and access to, certain information about an entity is protected” (Barker et al., 2013, p. 94). “Entity,” in this case, can be a corporation or facility as well as an individual person. “Certain information” may refer to any sensitive information such as personally identifiable information (PII).

Security and privacy have in common the concepts of appropriate use and protection of information. Privacy is often thought of as freedom from observation, disturbance, or unwanted public attention and the ability of an individual or group to limit its self-expression. Privacy is often seen as an aspect of security, an affordance of confidentiality, because a secure system should protect the privacy of its users. Confidentiality usually means that information is not released to unauthorized parties, but privacy has a more dynamic dimension of allowing owners to control the dissemination of their information themselves. At the same time, security may be considered contrary to privacy. For instance, politicians and industry leaders endure reduced privacy to protect the public trust they hold.

1.2.1 Cybersecurity and Privacy

The concepts of security and privacy can be applied to both the cyber and physical sides of CPSs. There are many overlapping terms for these concepts including cybersecurity, information security, information assurance, and others. For our purposes, we are concerned in this section with the nonphysical, informational side of CPSs. Thus, the term information security as defined by NIST will suffice:

A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise's risk management approach.

(Kissel, 2013, p. 94).

Information security is generally characterized by three core principles, which Pfleeger and Pfleeger (2007) and Cherdantseva and Hilton (2013) defined as follows:

Confidentiality – Only authorized parties can access computer-related assets.

Integrity – Assets can be modified only by authorized parties or only in authorized ways.

Availability – Assets are accessible to authorized parties at appropriate times.

Together these are known as the “CIA triad,” and they ensure reliable access to correct information for the right people/programs/machines. The CIA triad is the heart of information security but is widely thought to be incomplete. Cherdantseva and Hilton (2013) discuss attempts to amend the triad and propose an information assurance and security octet that starts with CIA but also includes accountability, authentication and trustworthiness, auditability, nonrepudiation, and privacy. The complete list of security goals has not been definitively agreed upon, but we elect to add to the triad two additional elements that are most germane to the physical side of our discussion of CPSs. The last two principles are often bundled into the principle of integrity, but they are important enough to deserve separate attention:

Authentication – Verifies the identity, often as a prerequisite to access (Committee on National Security Systems, 2010).

Nonrepudiation – Protects against an individual's false denial of having performed a particular action and captures whether a user performed particular actions (i.e., sending or receiving a message) (NIST, 2013).

There are a number of means of implementing each of these cybersecurity principles. For example, encryption provides confidentiality, protecting data and system functions from unauthorized use. Digital signatures and secure hashes provide integrity, ensuring data or software updates are not modified. Redundancy of resources keeps the system available for the intended users for proper use at any time even under stress. Identities, certificates, and passwords are examples of authentication mechanisms that guarantee only authorized users may access resources protected by confidentiality measures. Authentication ensures integrity by verifying the authority of actors who would change an asset. Automatically collected records and logs of these changes may show which user accessed or modified specific parts of the system. When these logs are protected by some integrity mechanism, the result is a system with nonrepudiation. Nonrepudiation makes violations of integrity clear and provides forensically useful information when security fails.
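As an added illustration of the last point above (logs protected by an integrity mechanism), not code from the chapter or its authors: a hash-chained audit log in which every record commits to its predecessor and carries a keyed MAC. The names `append_entry`, `verify_log`, `LOG_KEY` and the operator records are this example's own constructed values. The keyed MAC gives integrity and tamper evidence; strict nonrepudiation would additionally require each actor to sign its own entries with a private key that only that actor holds, because anyone holding the shared MAC key could forge records.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Optional

# Constructed key held by the log service (hypothetical; a real deployment would
# keep it in an HSM or use per-actor signing keys, see the lead-in).
LOG_KEY = b"example-audit-log-key-not-for-production"

# Link value for the very first record, which has no predecessor.
GENESIS = "0" * 64


def _canonical(body: Dict) -> bytes:
    # Deterministic serialisation so the MAC covers exactly the same bytes on
    # write and on verification.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_entry(log: List[Dict], actor: str, action: str, target: str,
                 key: bytes = LOG_KEY) -> Dict:
    """Append a record that commits to the previous record (hash chain) and is
    authenticated with an HMAC-SHA256 under `key`."""
    prev = log[-1]["mac"] if log else GENESIS
    body = {"seq": len(log), "actor": actor, "action": action,
            "target": target, "prev": prev}
    mac = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    entry = dict(body, mac=mac)
    log.append(entry)
    return entry


def verify_log(log: List[Dict], key: bytes = LOG_KEY) -> Optional[int]:
    """Return None if every record verifies, otherwise the index of the first
    record whose sequence number, chain link or MAC does not check out."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "mac"}
        if body.get("seq") != i or body.get("prev") != prev:
            return i  # a record was removed, reordered or inserted
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, entry.get("mac", "")):
            return i  # record contents were altered after the fact
        prev = entry["mac"]
    return None


def demo():
    """Build a small constructed log, then show that an edited record and a
    deleted record are both detected; returns the two detection indices."""
    log: List[Dict] = []
    append_entry(log, "operator1", "set_setpoint", "pump-3")
    append_entry(log, "operator2", "open_valve", "valve-12")
    append_entry(log, "operator1", "ack_alarm", "alarm-7")
    assert verify_log(log) is None  # the untouched log verifies

    # Someone rewrites who acknowledged the alarm: the MAC of record 2 no
    # longer matches its contents.
    edited = [dict(e) for e in log]
    edited[2]["actor"] = "operator2"
    first_bad_edit = verify_log(edited)

    # Someone removes the valve operation: the record now at index 1 claims
    # seq 2 and links to a predecessor that is no longer adjacent.
    cut = [dict(e) for e in log]
    del cut[1]
    first_bad_cut = verify_log(cut)
    return first_bad_edit, first_bad_cut  # (2, 1)


if __name__ == "__main__":
    print(demo())
```

One limitation worth knowing: this scheme cannot detect removal of the most recent records, since a log cut off at any record is still a valid chain. Publishing the current record count and last MAC to a separate, write-protected location (or timestamping them) closes that gap.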

Privacy in the information sense of the word usually refers to the principle of confidentiality, but it is also related to controlled disclosure of information. People want to be able to disclose information to some and not to others and they want to be able to control what is done with the information disclosed. Thus, privacy is a facet of personal information integrity because although data about a person may be transmitted, the information it bears is always the property of the person identified by it.

1.2.2 Physical Security and Privacy

Physical protection aims to defend an area in space according to the following principles adapted from the U.S. Department of Defense (2016) and U.S. Department of Energy (2005):

Deterrence – A credible threat of countermeasures that prevents actions against the system by making the perceived cost of an attack outweigh the perceived benefits.

Detection – The positive assessment that a specific object caused the alarm and/or the announcement of a potential malevolent act through alarms.

Delay – Impediments that slow or prevent an adversary from accessing a protected asset or from completing a malevolent act.

Response – Actions taken with appropriate force and at locations and times designed to stop the advancement of the adversary.

Neutralization – Rendering enemy forces incapable of interfering with a particular operation.

Deterrence can be as innocuous as a sign indicating the presence of physical-security components or a guard posted in a visible location to warn the potential adversary of the consequences of an attack. Beyond this, detection is usually accomplished with surveillance technologies, human watchers, or operational processes. Alarms may be coupled with detection to alert those protecting the asset (the trusted agents) or to scare off the attacker. Barriers such as protective forces, walls, deployed obstacles, storage containers, locks, and tamper-resistant devices take time for an adversary to penetrate, providing delay (and some deterrence if the measures are visible). The response to intrusion events must be immediate and effective and may include summoning authorities with sufficient force to halt the attack. Without a timely response, no threat can be completely neutralized. The responders neutralize all of the attackers by arresting them or in some other way making it impossible for them to attack the system in that way again. If these physical-security elements are not properly utilized, even the most impenetrable defenses will eventually be defeated.

Privacy in the realm of physical security often entails trade-offs with security. Access controls, surveillance, detection and assessment, and response are all principles of physical protection that require individuals to be positively identified, tracked, and monitored while in the secured area. Allowing these physical protection systems to track a person's every move must be coupled with the assumption that this information will be utilized for the intended purpose only and protected against any malicious usage or unauthorized access. However, the agreement to provide this information to other trusted agents to further enhance security is usually made explicit.

1.3 Defining Cyber-Physical Systems

“Cyber-physical systems,” or CPSs, is an umbrella term that covers systems of many sorts, including robotics, machine automation, industrial control systems (ICSs), process control systems, supervisory control and data acquisition (SCADA) systems, the Industrial Internet, and the Internet of Things (IoT). These systems have different applications, architectures, and behaviors, but they all share key attributes.

The US President's National Science and Technology Advisory Committee (NSTAC) report on IoT (NSTAC, 2014) notes three common properties of IoT objects:

1. Ordinary (noncomputational) objects are individually network addressable.

2. Physical objects are interconnected.

3. The devices are intelligent and many can perform functions adaptively, either individually or as part of a larger group.

These common properties of IoT are broadly applicable to CPSs in general. CPSs may be a single object or a system of objects with indefinite boundaries. CPSs may span a broad range of application domains providing the ability to monitor, manipulate, and automate devices from personal conveniences to critical infrastructures. While these systems empower us to be more effective at a scale beyond our individual means, they also present an additional risk. The more integrated CPSs become in our lives, the greater chance their failure or manipulation could have drastic consequences.

CPS is a very general term when used in this field. “Embedded system” is an older term for computational capabilities fused with normal, “dumb” systems; however, embedded systems need not communicate with each other or the larger Internet. The term Industrial Internet connotes ICSs and business-to-business linkages but may leave out consumer devices. Conversely, IoT has become the most popular term for CPSs, but it mostly evokes images of commercial consumer devices. We use CPSs generally to mean any of these and use the individual terms when necessary for clarification.

We divide the CPS domain into two broad categories: infrastructural and personal. While functional CPS concepts are consistent between the two categories, the security risks and concerns are often different. Infrastructural CPSs include ICSs that operate factories, refineries, and other types of industrial infrastructure. Personal CPSs include end-user devices such as smartphones, watches, appliances, and home systems.

1.3.1 Infrastructural CPSs

Infrastructural CPSs are found everywhere in industry and are critical to modern life. In ICSs, the physical side is emphasized, and the cyber side is added for convenient access to and control of the physical machinery. However, the points of connection between the machinery and external computer networks may be undocumented or poorly understood, as connectivity has often evolved over long periods of time. Grave concerns include property damage, economic loss, and physical harm. However, for industrial systems that are part of critical infrastructures providing vital services such as power and water, availability is the overriding concern, as modern societies are largely dependent upon them.

1.3.1.1 Example: Electric Power

CPSs that meet the NSTAC IoT criteria abound in many industrial domains including oil and gas, water and wastewater, chemical, and manufacturing. Infrastructural CPSs are used to monitor every part of the electric grid from power generation through transmission to consumption by end users