Cyber-physical System Assurance via Systems Engineering Based Regulation
Presented by Mark van Zomeren
Three hypothetical cases, each bearing similarities to recent real-world cases, are used to examine issues relating to the downside of cyber-physical systems. Systems engineering principles and potential regulatory mechanisms are then considered to determine whether applying them could reduce or eliminate these issues.
While these hypothetical cases do resemble real-world events from the past decade, none of them will be analysed in depth. Rather, publicised aspects of each event are cherry-picked and considered from the perspective of systems engineering principles and potential regulatory mechanisms so that useful insights may be gained.
The first hypothetical case concerns industrial control systems being overrun by malicious code. Having gained access to the system in the unlikeliest of ways, this code can not only drive the industrial process to ruin, but can do so while displaying false information about the real-time operation of the industrial systems to the operators.
The second hypothetical case involves modification to a model of a stable and trusted high precision transport system produced by a highly trusted manufacturer. These modifications result in the need for code to be used to stabilise a now inherently unstable system.
The third hypothetical case relates to the ability of original equipment manufacturers to reach through cyberspace to enable or disable features of electromechanical systems they have produced and delivered, without the consent of the system owner or end user.
Without delving into the motives of the actors involved in these three hypothetical cases, this webinar will consider design decisions that may be applied in each case to mitigate many of the adverse outcomes that would otherwise be likely to arise during the operation of these systems. Consideration is then given to how these design decisions could be more generally applied elsewhere as system design principles, then integrated into organisational policy, and finally as part of a regulatory regime.
For cyber-physical system development, consider:
- Integration of multiple and diverse methods of measurement for critical system performance
- Designing for pervasive through-life operational test & evaluation, trending to constant monitoring
- Multiple, and graduated, degraded states of operation across various levels of operation
- For all cyber-interfaces between the system and other systems, endeavour to agree on, and communicate in, the same language for cyber risk and cyber test & evaluation
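As an added illustration of the first and third points above (not part of the webinar material), the following Python sketch cross-checks one critical quantity measured by several diverse means and maps the level of agreement onto graduated degraded states. It assumes three hypothetical measurement channels (a controller-reported value, an independent vibration probe and a power-draw estimate) and a 5% agreement tolerance; the telemetry values are constructed, with the controller channel reporting a steady value that no longer matches the physical process, as in the first hypothetical case.

```python
from dataclasses import dataclass
from enum import IntEnum
from statistics import median


class Mode(IntEnum):
    NORMAL = 0      # all diverse measurements agree
    CAUTION = 1     # one channel disagrees: flag it to operators, keep running
    SAFE_HOLD = 2   # several channels disagree: fall back to a conservative setpoint
    SHUTDOWN = 3    # too few trustworthy measurements remain to control the process


@dataclass
class Reading:
    source: str   # hypothetical channel name
    value: float  # same physical quantity (shaft speed, rpm) measured by different principles


def assess(readings, tolerance=0.05):
    """Cross-check diverse measurements of one critical quantity.

    Returns (mode, consensus_value, disagreeing_sources). The consensus is the
    median, so a single falsified channel cannot drag it; tolerance is an assumed
    fraction of the consensus within which a channel counts as agreeing.
    """
    if len(readings) < 2:
        # one channel can never be cross-checked, so it cannot be trusted on its own
        return Mode.SHUTDOWN, None, [r.source for r in readings]
    ref = median(r.value for r in readings)
    outliers = [r.source for r in readings if abs(r.value - ref) > tolerance * abs(ref)]
    trusted = len(readings) - len(outliers)
    if not outliers:
        return Mode.NORMAL, ref, []
    if trusted >= 2 and len(outliers) == 1:
        return Mode.CAUTION, ref, outliers
    if trusted >= 2:
        return Mode.SAFE_HOLD, ref, outliers
    return Mode.SHUTDOWN, None, outliers


# Constructed telemetry: the controller still reports the nominal 1500 rpm while the
# two independent channels show the process has been pushed well beyond it.
SAMPLE = [Reading("controller_reported", 1500.0),
          Reading("vibration_probe", 1890.0),
          Reading("power_draw_estimate", 1875.0)]

if __name__ == "__main__":
    mode, consensus, disagreeing = assess(SAMPLE)
    print(f"mode={mode.name} consensus={consensus} disagreeing={disagreeing}")
```

The operator display would then be driven from the consensus value and the mode, rather than from whichever channel the controller chooses to report.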
About the speaker:
Mark has over 15 years of experience working on sustainable energy systems, critical infrastructure, and airfield infrastructure and is a trained systems engineer with a focus on test & evaluation and design of experiments. Through extensive public sector policy development experience, Mark has had the opportunity to integrate classic and contemporary systems engineering principles into infrastructure development and sustainment activities. Mark is conducting research into technical assurance models and frameworks for through-life resilience of cyber-capable physical systems.