Safety and security risk assessment in cyber‐physical systems

Abstract

The term cyber physical systems (CPS) refers to a new generation of systems with integrated computational and physical capabilities through computation, communication, and control. In the past decades, related techniques for CPS have been well studied and developed, and are widely applied in the fields such as industrial automation, smart transportation, aerospace, environment monitoring, and smart grids. However, with the expansion of CPS complexity and the enhancement of the system openness, most of CPS become not only safety-critical but also security-critical since deeply involving both physical objects and computer networks. In the last decade, it is no longer rare to see safety incidents and security attacks happening in industries. Safety and security issues are increasingly converging on CPS, leading to new situations in which these two closely interdependent issues should now be considered together, rather than separately or in sequence. This paper reviews the existing approaches of risk assessment and management from the perspective of safety, security, and their integration. The comparisons of these approaches are summarised with their pros and cons before the technical gaps between the demand and the current situation of safety and security issues in CPS are identified.