Security and Privacy Aspect of Cyber Physical Systems

Abstract

Today, the globe is experiencing a COVID-19 epidemic, and attackers are seeking every opportunity to carry out their destructive objectives. Due to the COVID-19 disaster, hackers used various methods to try to convert real data into fake data. Since the beginning of the COVID-19 pandemic, hackers have been on high alert, leading to an upsurge in cyber threats and attacks of all types. Cyberattacks, privacy violations, phishing schemes, and data breaches are all too frequent in today’s society. Cyber physical systems (CPSs) are equally vulnerable to security and privacy breaches as a result of the flaws in current computer and communication technology. The term “cyber physical system” refers to a concept that focuses on connecting the physical and virtual worlds. To begin, the National Scientific Foundation (NSF) coined the phrase “complex engineered systems,” which is defined as “complicated engineering applications committed to the integration of cyber and physical components to upgrade the skills of contemporary integrated devices.” CPS has garnered increasing attention in a variety of human activities, particularly in the capacity where physical methods and devices must be managed, choreographed, and integrated with persons, systems, or components. Emerging developments like Industry 4.0 and the Industrial Internet are key indicators of the relevance of CPS. Increased automation, independence, and a totally new knowledge of manufacturing techniques will be required to make the shift to such principles. The goal of a CPS is to observe the activity of physical processes and take measures to alter it in a way to produce the physical environment to operate properly and efficiently. The general characteristics of a CPS are a physical method and a digital system. The cyber structure, which is a networked system comprising many tiny devices with sensing, processing, and communication abilities, often monitors or controls the concrete method. A natural event, a man-made concrete system, or a more sophisticated mix of the two may be engaged in the concrete methods. The cyber system, which is an interconnected system comprising many small devices with sensing, processing, and communication abilities often monitors or controls the physical process. A natural event, a man-made physical system, or a more sophisticated mix of the two may be engaged in the physical methods. However, as the connection between virtual and real systems grows, complex systems are becoming more vulnerable to the cyber system’s security flaws. Given the complexity of today’s CPS, concerns of guaranteeing the security and safety of such technologies are critical. Potential risks might be connected to the cyber, physical, or both aspects of the CPS, necessitating a multifaceted strategy for identifying and mitigating safety and protection vulnerabilities. The objective of this study was to provide information on vulnerabilities, attack types, and mitigation strategies while taking into account the complexity of the CPS in terms of scalability, distributiveness, component varieties, and the separation among security and safety problems. Because they contain scattered components on both a computing and communication level, many CPS can be called distributed systems. A group of sensors placed in a specific area and linked to an aggregator is a suitable example. The data generated by these sensors is dispersed, and services based on such sensors, even when installed along the same architecture, function in a request/reply model. Distributed systems provide a variety of challenges, including synchronicity and cooperation; security is also a problem, as communications in huge systems become susceptible while traveling between nodes. However, because current CPSs have a large number of components that might be considered separate units, concerns of cooperative conduct are critical. Because possible threats can influence both the cyber and physical environments, CPS security is critical at every stage, including design, deployment, and operation. Furthermore, because CPS is employed on so many key architecture items, security problems have become increasingly important. Another factor to consider when implementing safety procedures during CPS design process is the distributed nature of the system. The growing usage of the internet and portable devices allows the corporate border to vanish, resulting in a boundless risk scenario. The internet also poses weaknesses and dangers to cyber physical systems (CPSs). The three types of CPS vulnerabilities are networking, infrastructure, and governance. Configuration, equipment, and surveillance flaws all contribute to network vulnerability. Specification, equipment, and application vulnerabilities, as well as a lack of protective mechanisms, all contribute to platform vulnerability. The lack of safety regulations is the most common source of administrative vulnerability. Vulnerability quantification can be achieved by a variety of mechanisms, including prior expert assessing techniques, historical records, or industry standards. With the growing use of CPS in many sensitive sectors (such as medical healthcare and smart homes), security has become a pressing concern, necessitating the development of a suitable risk assessment technique. With so much reliance on the internet, the security focus of risk assessment has shifted from machine-based risk assessment to networking-based risk assessment. The objective of analyzing CPS security is to provide a quantifiable risk that can be used to safeguard future systems. However, the majority of efforts and studies are focused on enterprise systems, which are unrelated to CPS. CPS security differs from typical IT protection in many ways, thus the security aspects change as well. The primary risk considerations for ICS, for example, are standardized protocols and technologies, unsecured interconnections, and exchanged information. The three phases of the CPS risk assessment model are: (1) describing what would occur to the systems; (2) assessing the likelihood of the occurrence; and (3) predicting the effects. In addition, while assessing CPS risk, three factors should be considered: asset (worth), hazard, and weakness detection. Prevention, detection, and mitigation are some of the challenges that may be encountered when building a safety system. Because of the interaction space between cyber and physical systems, preventing the assault is difficult. Sometimes hackers try to execute cross-layer assaults in addition to relying on explicit vulnerabilities. The most significant challenge is identifying assaults as there is a connection between cyber and physical space, necessitating the development of detection algorithms for all tiers of the CPS, along with the implementation, communication, and perceptual layers. The main problem is to create a security mechanism that can reduce the consequences of a system breach if the protection and identification security stages are exceeded. There will be four sections in this planned chapter. Threats and attacks in CPS are depicted in Section 9.1. Various ways to protect CPS will be described in Section 9.2. Section 9.3 will describe security and privacy challenges in CPS, and Section 9.4 will address contemporary security research concerns in CPS with examples.