Abstract

Cyber-Physical Systems (CPS) are a prominent component of the modern digital transformation, combining the dynamics of physical processes with those of software and networks. Critical infrastructures have built-in CPS, and assessing their risk is crucial to avoid significant losses, both economic and social. As CPS are increasingly attached to the world’s main industries, these systems’ criticality depends not only on software efficiency and availability but also on cyber-security awareness. Given this, and because Failure Mode and Effect Analysis (FMEA) is one of the most effective methods to assess critical infrastructures’ risk, in this paper we show how this method performs in the analysis of CPS threats, also exposing the main drawbacks concerning CPS risk assessment. We first propose a risk prevention analysis of the Communications-Based Train Control (CBTC) system, which involves exploiting cyber vulnerabilities, and we introduce a novel approach to the failure modes’ Risk Priority Number (RPN) estimation. We also propose how to adapt the FMEA method to the requirements of CPS risk evaluation. We applied the proposed procedure to the CBTC system use case since it is a CPS with a substantial cyber component and network data transfer.

Highlights

  • Most modern engineering systems have close interaction between cyber and physical components, leading to a new paradigm approach named Cyber-Physical Systems (CPS)

  • The Communications-Based Train Control (CBTC) is a critical system with an extensive software unit and frequent network data exchange, which matched the needs of our use case

  • Considering our perspective on the Failure Mode and Effect Analysis (FMEA) limitations, we proposed a novel approach to FMEA’s Risk Priority Number (RPN) estimation that considers social, infrastructure, environmental, and delay costs, concerning our CBTC use case

Summary

Introduction

Most modern engineering systems have close interaction between cyber and physical components, leading to a new paradigm approach named Cyber-Physical Systems (CPS). CPS are networked systems composed of physical and software components integrated through networking, computation, and monitoring. They are often mistaken for Internet of Things (IoT) systems, but CPS emphasize real-time control and monitoring features [1]. Various authors deal with this issue; for example, Lyu et al. [1] reviewed different methods for CPS risk assessment considering safety and security concerns. CPS risk is often addressed with risk assessment methods without a risk prevention step. Regarding this concern, and given that most Communications-Based Train Control (CBTC) security problems arise from cyber-attacks’ effects, we will analyze CBTC from a risk prevention perspective.
