(161a) Analysis of Safety and Security Challenges and Opportunities Related to Cyber-Physical System | AIChE

Authors 

Halim, S. Z., Texas A&M University
El-Halwagi, M., Texas A&M University
Khan, F., Memorial University of Newfoundland

The rapid development of computation, sensing, control and network technologies has enabled the integration of the physical and the cyber world into a cyber-physical system (CPS). This presents new challenges as well as opportunities for process safety and security researchers. In CPS, safety and security concerns spread through hardware and software across different disciplines and across hardware/software subsystems.

A deep analysis of the cyber security and safety of CPSs is necessary before they are put to use, and the current work addresses this aspect. It analyzes the literature to investigate the opportunities and challenges presented by the application of CPSs. The analysis attempts to answer the following questions: (i) What are the opportunities that Industry 4.0 technologies offer for process safety? (ii) What are the characteristics of Industry 4.0 technologies that are likely to cause safety and security issues? (iii) What are the safety and security issues introduced by Industry 4.0? How were these issues addressed in the literature? (iv) What other technical hardware and software challenges related to safety and security are discussed? Additionally, the review answers multiple bibliometric questions, including: (i) What is the focus of most of the documents, and how has that focus evolved over the years? (ii) What are the key areas? (iii) What are the potential sources of the publications? (iv) What are the dominant factors behind the citations? and (v) Which countries are active in the research?

The two main sources used to collect literature are Web of Science and Engineering Village. 887 relevant documents were collected and analyzed. 53% (471) of the documents are mainly related to cyber-physical attacks, followed by hazardous characteristics (19%, 168 documents). These two categories saw a greater increase in their percentage of total documents per year than the other categories, which shows the significance of the topics. Occupational health and safety documents represent the smallest cluster, with 5 documents (approximately 0.6%). Smart grids are the systems most targeted by cyber-attacks and are thus the most explored domain in the CPS literature.

It is observed that CPSs offer opportunities for safety by reducing the occurrence of man-made accidents and by enhancing safety compliance, process monitoring, fault detection and diagnosis, and real-time alert management systems, along with other opportunities. These opportunities could be exploited in applications such as chemical processes, energy industries (oil & gas and nuclear), intelligent transportation, maintenance, mining, power systems, and vehicular automation.

CPSs have characteristics that introduce safety and security challenges. These include complexity, heterogeneity, and interdependency between cyber and physical processes. Other characteristics include fragmentation, autonomous reconfiguration decisions, and other constraints, such as physical and resource-related ones. CPS autonomous reconfiguration decisions and compensatory actions may cause fault masking effects. There are also security-related issues, including integrity and availability challenges in the presence of cyber-physical threats. Assessing security risk and ensuring secure remote configuration are challenging with unknown external disturbances.

There is a significant knowledge gap in the form of a lack of approaches to model, document and integrate safety and security requirements simultaneously. The gaps also include challenges related to resilience assessment, occupational health and safety risks, and human factors.

This paper discusses the above-mentioned challenges, including issues with the conventional security mechanisms used for monitoring and communication devices, the cyber-physical gap, hazardous collaboration among multiple CPSs, and brownfield CPS. The paper also raises some unanswered questions: How can cyber-physical attacks be modeled under more practical assumptions? How can a system adapt to multiple issues occurring simultaneously? How can security and safety mechanisms introduce more complexity into the system that can lead to new risks? These questions require further analysis and mechanisms to address them.