Complex System Governance as a Foundation for Enhancing the Cybersecurity of Cyber-Physical Systems

Polinpapilinho F. Katina (University of South Carolina Upstate, USA) and Omer F. Keskin (University at Albany, State University of New York, USA)
Copyright: © 2021 | Pages: 14
DOI: 10.4018/IJCWT.2021070101


This article investigates the possible benefits of complex system governance (CSG) as a foundation for enhancing cybersecurity in critical cyber-physical systems (CPS). CPS are intrinsically linked to cyberspace and vulnerable to a wide range of risks stemming from physical and cyber threats. There remains a lack of robust frameworks for addressing the issue of cybersecurity for CPS at the metasystem level. In response, the authors suggest CSG as an organizing construct capable of providing a greater degree of cohesion and as a means to provide for the design, execution, and evolution of the 'metasystemic' functions necessary to provide for the communication, control, coordination, and integration critical to the cybersecurity of CPS. In this article, CSG is introduced as a potential construct for enhancing cybersecurity in CPS. A hypothetical case study application is then provided to illustrate the potential for this research. Finally, the authors offer conclusions and suggest future research.

Keywords: Case Study, Complex System Governance, Cyber-Physical Systems, Management Cybernetics, Metasystem Function, Power Grid, Systems Thinking

Modern society’s viability depends on the reliable functioning of specific systems whose incapacitation or degradation can have debilitating impacts on public safety, health, security, and economic strength. Such systems are referred to as critical infrastructures. They typically include energy, communications, transportation, healthcare, information technology, government facilities, commercial facilities, financial services, critical manufacturing, dams, defense industrial bases, emergency services, food and agriculture, nuclear reactors, materials, space, and wastewater systems (Gheorghe et al., 2006; Habibzadeh et al., 2019; Kröger & Zio, 2011; Obama, 2013; Tatar et al., 2020). Although such systems are expected to produce essential products and services, they operate in a 21st-century environment with attributes of volatility, uncertainty, complexity, and ambiguity (Katina et al., 2014; Keating et al., 2014; Mackey, 1992). Risks posed by a nation's critical infrastructure require a well-established risk management approach. For example, in the U.S., the Cybersecurity and Infrastructure Security Agency “leads such management efforts by mobilizing a collective defense” that includes coordinating a diverse set of stakeholders (Nussbaum, 2017; Tatar et al., 2019), including entities from academia, federal, state, and local government agencies, industry, private sectors, non-profits, and the general public (Cybersecurity and Infrastructure Security Agency [CISA], 2020).

These attributes also affect practitioners dealing with modern complex cybersecurity systems. Following previous recitations of the nature of this changing world (Keating et al., 2015; Keating & Katina, 2019), the following summary points are offered regarding cybersecurity:

  • Complexity: the unprecedented availability and accessibility of data and information have outgrown current capabilities to structure them in ways that enable effective decision making.

  • Emergence: emergence deals with the appearance of attributes (e.g., behaviors, performance) that cannot be known in advance. In such cases, traditional methods are potentially detrimental, creating a need for ‘next-generation’ methods with the necessary capabilities to engage highly emergent situations.

  • Ambiguity: instabilities in understanding, shifting boundary conditions, and unstable structural patterns create a lack of clarity for decisive action.

  • Uncertainty: the attributes of ambiguity, emergence, and complexity create conditions where the inability to have a measure of confidence runs rampant. Producing desired performance becomes the exception rather than the norm.

  • Solution spaces: the problem space for cybersecurity is neither simple, absolute, nor isolated. Therefore, the solution space must address the sociotechnical spectrum, encompassing technological, organizational, managerial, human, and policy aspects across spatial, temporal, and social norms.

  • Context: the context involves the uniqueness of circumstances, factors, patterns, or conditions affecting a situation; these can enable or constrain decisions and actions.

This landscape amplifies the criticality of looking to new and untapped sources to strengthen cybersecurity, especially in cyber-physical systems (CPS). Moreover, there is also recognition that CPS do not operate in isolation and must deal with an increasing range of issues affecting their performance, beyond risk (Thissen & Herder, 2003). Hence, understanding the characteristics of distinct constituent systems and their interdependencies is necessary to address emerging vulnerabilities. This is especially the case for cyber threats against electronic systems that directly control and alter physical systems. Again, a mounting concern is the issue of cybersecurity, which is concerned with the use of modern communication systems to disable, impede, or degrade system operations in order to directly or indirectly harm the reputation of, or cause physical or mental damage or loss to, the target (Halder & Jaishankar, 2011; Johnson, 2016; White et al., 2010).
