Information security can be efficiently provided by the sound structured information and a set of specialized experts in the field of IT and CPS. The interconnection among the systems in the CPS imposes a new challenge in providing security to CPS. A concise study of CPS security is given in this chapter. The problem of secure control systems is also indentified and defined. The way the information security and control theory guards the system is explored. The security of CPSs can be enhanced using a particular set of challenges, which are also described later in this chapter. The resistance to malicious events is strengthening as cyber physical systems are part of critical structures. The CPSs are time sensitive in nature, unlike the distributed system where a little amount of delay is acceptable.
TopIntroduction
The most significant integration element in today’s information centric enterprises is the modern information technology systems. The information technology systems facilitate the proficient determinations of the enterprises which exist for the persistence of the business related goals. The trio of confidentiality, availability and integrity defines the traditional IT security. These elements of the trio are neither mutually exclusive nor tailed in isolation. They will be considered in balance according to the needs of the business enterprise (Conklin, 2009). There is a need for security in cyber physical systems and the balance of the three elements of the trio varies from the system to system and is purely based on the information flow behaviour of the system being protected.
The traditional security, confidentiality and integrity are more concerned when compared to the availability. Hence, the controls drive towards the technology development for protecting the confidentiality and integrity even at the cost of availability if needed. The adaption of these existing controls to the CPS environment neither is sufficient, suitable nor supports the goals of the organization.
As there are different levels of information systems in the enterprise, it is appropriate to provide the security or protection to information according to their level and this becomes the main objective of an information security system. Providing security in this fashion will be effective also as there is no need to utilize resources in providing security for the information which is having less importance and they can be utilized more efficiently to protect the most important information. As there are different levels of information, similarly there are various levels in threats also. For example, secret military, navy information is having high protection profile when compared to the accounting information of the same enterprise. Here, it can be observed that the protection of military information is based on confidentiality whereas protection of accounting information is based on integrity.
The availability and strong integrity are the essential requirements of the cyber physical systems. This makes these systems different from the traditional IT systems in many firms. The central IT security system must apply what it knows and the better approaches of the traditional IT security when it attempts to protect the cyber physical systems for the first time (Conklin, 2009). This methodology is loaded with problems inappropriately. These problems are:
- •
The precise needs of CPS security in the enterprise are not addressed.
- •
The different terminologies of the two communities, traditional IT and CPS obstructs the passing of requirements and capabilities between them when there is an attempt to communicate needs.
- •
Even though the central IT security is aware of the needs and requirements, the desired levels of protections cannot be achieved as their traditional tool sets are not sufficiently equipped.
The gap between the CPS and security whether the communication is proper or not because of the mismatch between central IT security and CPS needs. This gap raises and avoids communicating the required level of security knowledge to the CPS group that is in need of specific security requirements.
The systems whose physical infrastructure elements are controlled with the help of information technology are referred as Cyber Physical Systems (CPS). The researchers in the fields of technology, business and social sciences are gathered in a recent NSF sponsored workshop to survey the needs of future research in the field of CPS. It was identified that the problems related to the security of CPS is not just in the technical domain but also in the domains of process and the people (sociological, psychological and political). These multiple domains influence the solutions of the security problems.