Development of cyber-physical system security management process model

Abstract

Cyber-physical systems (CPS) combine general-purpose information and telecommunication systems and industrial networks and devices (controllers), forming a heterogeneous hierarchical distributed information technology computing environment designed for control and monitoring of technological processes. FSCs are being actively implemented in the industrial, urban and household spheres, allowing for more efficient use of resources, as well as transferring management and feedback processes to a new level. CPS are formed as a result of the aggregation of several heterogeneous information and telecommunication systems, which makes them susceptible to the destructive factors of the digital environment – cyber attacks. The peculiarities of the construction and functioning of the CPS require a new approach to defining attack surfaces and modelling threats. This is due to the fact that the "traditional" goals of attackers - the availability, integrity and confidentiality of information processed in the system - are not the only ones. In addition, the value of the information itself can be extremely low. At the same time, control and feedback processes play a decisive role in a cyber-physical system. Their stability directly affects the ability of the FSC to perform target functions, as well as the physical safety of technological facilities, personnel and consumers. Depending on the degree of criticality of the technological processes of the real world, which are controlled by the cyber-physical system, the violation of these flows inside it can lead to serious consequences, such as large material damage or a threat to the life and health of people. The severity of the identified threats is confirmed by the constantly growing number of attacks on CPS and the consequences, including potential ones, to which these attacks lead. In addition, it should be noted that in the context of the rapid development and improvement of programmable control devices (Programmable Logic Controller (PLC)), making them more accessible in the mass market segment, as well as the proliferation of high-speed wireless data transmission networks, the concept of a smart home is gaining wider application. This approach implies the integration of PLCs that interact with each other and the control centre via multi-service broadband wireless networks into the domestic environment. Thus, the concept of a smart home is based on the implementation of FSCs in places of permanent residence of people with the transfer of automatic control functions of climatic equipment, lighting, household appliances, physical elements of protection against intrusions to them. At the same time, it is extremely important to ensure the information security of the CFS. To ensure the required level of their security, it is necessary to effectively solve the problems of managing the process of ensuring their information security. The article proposes an approach to the development of a model for the information security management process of a CFS operating in a smart home.