Safety and security of cyber-physical systems

Journal of Software: Evolution and Process (2023)

Abstract
Cyber-physical systems (CPSs) interact with their physical environment by both monitoring and manipulating objects and processes from the real world. The range of applications for CPSs encompasses agriculture, aeronautics, energy, healthcare, manufacturing, robotics, and transportation, to name just a few. Often, CPSs are part of what we consider critical infrastructure, for example, electric power and water treatment. CPSs communicating with the outside world are security-critical: they open an attack vector through their communication channels. CPSs are safety-critical if they can potentially harm their environment. Conventional protection mechanisms like secure design principles are insufficient. We need to guarantee our CPSs' resilience (cf. Segovia et al. [1]), that is, the ability of a system to withstand adverse events while maintaining an acceptable functionality [2]. The communication and coordination features of CPSs demand a combined approach that considers both safety and security concerns. We have published several special issues on the topic of the safety and security of CPSs in previous years [3-6]. Similarly, for the current special issue, a general call for articles was announced, and the authors of the best papers of the International Workshop on Cyber-Security and Functional Safety in Cyber-Physical Systems (IWCFS 2020 [7] and IWCFS 2021 [8]) were invited to submit extended versions of their workshop papers. After thorough and stringent reviews, we selected ten articles that provide relevant contributions to the field of safety and security for CPSs. In the article Identifying Safety Issues from Energy Conservation Requirements by Madala, Do, and Tenbergen, the authors propose an approach for identifying safety issues caused by energy conservation recommendations of CPSs. The authors then empirically study four robotic systems to evaluate the approach's effectiveness.
The authors find that the energy conservation recommendations compromise safety at the concept phase. In the article, Context Modeling for Cyber-Physical Systems by Daun and Tenbergen, the authors propose a comprehensive, ontologically grounded context modeling framework to systematically explore the problem space in which a CPS under development will operate. This allows for the systematic elicitation of requirements for the CPS, early validation and verification of its properties, and safety assessment of its context interactions at runtime. In the article, Enhancing and Securing Cyber-physical Systems and Industry 4.0 through Digital Twins: A Critical Review by Lampropoulos and Siakas, the authors present an overview regarding the use of digital twins as a means to reinforce and secure CPSs and Industry 4.0 in general. The authors argue that based on the provided literature review, digital twins can constitute an essential tool for the realization, reinforcement, and security of CPSs and Industry 4.0. In the article, F3FLUID: A Formal Framework for Developing Safety-Critical Interactive Systems in FLUID by Singh, Ait-Ameur, Mendil, Méry, Navarre, Palanque, and Pantel, the authors propose a unified formal framework, F3FLUID (Formal Framework For FLUID), for the development of safety-critical interactive systems. This framework is based on the FLUID (Formal Language of User Interface Design) pivot modeling language that enables the specification of high-level system requirements for interactive systems. This modeling language is designed to handle safety-critical interactive systems concepts, including domain knowledge. An industrial case study complying with the ARINC 661 standard for avionics systems is used to illustrate the effectiveness of the F3FLUID framework for the development of safety-critical interactive systems. 
In the article Modeling and Verifying NLSR Protocol of NDN for CPS Using UPPAAL by Fei, Zhu, and Yin, the authors formally model and verify some fundamental properties of the NLSR protocol using the model checker UPPAAL. First, the authors validate the NLSR protocol, modeled as timed automata, with the simulator in UPPAAL. Then, they verify the model against four fundamental properties (termination, reachability of Sync Interest, reachability of Sync Data, and digest synchronization). A first synchronization problem is found in a scenario with a two-node topology. The authors then give an improved model, which yields a valid result in the digest synchronization verification. To capture more problems, the authors extend the model to support the simulation of a temporary network crash. A second synchronization problem is thereby exposed in two comparative scenarios. Finally, the authors propose a mechanism, implemented in the model, that validates the digest synchronization verification results. In the article An Automated Evaluation of MQTT Broker Compatibility by Sochor, Ferrarotti, and Ramler, the authors develop an automated framework for the compatibility evaluation of Message Queuing Telemetry Transport (MQTT) brokers, which can easily be generalized to other similar IoT components. They apply this framework in a comprehensive experiment conducted with 16 different versions of six popular MQTT brokers. In this work, the authors report inconsistencies in the behavior of different MQTT brokers and broker versions. Based on the experiment results, the authors calculate and visualize the compatibility among the evaluated brokers as a distance measure, indicating the risk of incompatibilities when replacing one broker with another. The calculation of the distance measures can be adjusted by giving higher weights to essential features. The authors use this method to show security-related differences between the brokers.
In the article Safety And Security Risks Management Process for Cyber-Physical Systems: A Case Study by Inayat, Farooq, and Inayat, the authors present an integrated safety-security risk management process. To demonstrate the efficacy of the proposed process, they use a tetra packaging case study to (i) examine the vulnerabilities of the CPS by running the risk management process, (ii) identify safety-security requirements, and (iii) align the retrieved safety-security requirements with the relevant standards. The results show (i) safety hazards and security risks along with their severity and priority, (ii) mitigation guidelines in accordance with IEC 61508, and (iii) 15 safety-security requirements that were identified and are aligned with the ISO 9001 packaging and labeling machine standard. In the article Uncertainty Handling in Cyber-Physical Systems: State-of-the-Art Approaches, Tools, Causes, and Future Directions by Asmat, Khan, and Hussain, the authors identify current state-of-the-art approaches, tools, root causes, and metrics for uncertainty in the domain of CPSs. To this end, they performed a systematic literature review. The core contributions of this study are: (i) to categorize the tools used for uncertainty mitigation and existing root causes of uncertainty in the CPSs domain, (ii) to categorize the tools used for uncertainty mitigation and existing root causes of uncertainty in the CPSs domain, and (iii) to identify the state-of-the-art methods that do not elaborate metrics to measure the uncertainty in CPSs. The results of the study are beneficial in guiding future research on devising new approaches or tools to mitigate the causes of uncertainty in CPSs.
In the article Internet-of-Things Architectures for Secure Cyber-Physical Spaces: the VISOR Experience Report by Pascale, Cascavilla, Sangiovanni, Tamburri, and Heuvel, the authors conduct a field study at a Dutch Easter music festival within a national interest project called VISOR to select the most appropriate device configuration in terms of performance and results. They iteratively architect solutions for the security of cyber-physical spaces using IoT devices. They test the performance of multiple federated devices, encompassing drones, closed-circuit television (CCTV), smartphone cameras, and smart glasses, in detecting real-world scenarios of potentially malicious activities such as mosh pits and pickpocketing. The results pave the way for selecting optimal IoT architecture configurations, that is, a mix of CCTV, drones, smart glasses, and camera phones, to make safer cyber-physical spaces a reality. Finally, in the article Model-Driven Engineering of Safety and Security Software Systems: A Systematic Mapping Study and Future Research Directions by Mashkoor, Egyed, Wille, and Stock, the authors present a systematic mapping study on the model-driven engineering of safety and security concerns in software systems. The combined modeling and development of safety and security concerns is an emerging field of research, and the mapping study provides an overview of the current state of the art in this field. The study carefully selected 143 publications out of 27,259 relevant papers through a rigorous and systematic process. It then poses and answers questions such as which methods and tools are frequently used, and at which development stages these concerns are typically investigated in the various application domains. Additionally, the authors identify the community's preferred publication venues and trends. The discussion of the obtained results also features the gained insights and future research directions.
The editors of this special issue would like to thank the production team of Wiley for supporting the creation of this special issue. Special mention is also due to our reviewers, who processed all our submissions. Many thanks! This work is partially supported by the Austrian Science Fund (FWF) (grant # I 4744-N) and the LIT Secure and Correct Systems Lab funded by the State of Upper Austria.
Keywords
safety, security, systems, cyber-physical