Cyber-physical systems (CPS) dominate the civilian and military environment, increasing the complexity of NATO operations and introducing new vulnerabilities to mission essential systems. Unlike previous systems of interest, CPS employ an integrated suite of cyber elements (hardware/software controls), networking, and physical mechanisms to perform mission critical functions [Henshaw, 2016]. Resilience is the ability to resist, or achieve timely recovery from, adversity [Henshaw, 2017]: CPS resilience requires consideration of cyber, physical, and network security through a system of systems approach; however, the ways in which these security goals can be achieved, as well as, the means through which they are described by the various communities are not well understood.
During the SCI-300 “Cyber Physical Security of Defence Systems” Specialists’ meeting, four topics were identified as potential collaborative focus areas:
a) Definition of CPS resilience in the context of NATO operations,
b) Formulation of a lexicon through which CPS security can be described using terms that are commonly understood across NATO,
c) Development of a common approach to CPS security risk, including an agreed calibration of risk levels, and
d) Approaches to test and evaluate for CPS resilience.
To study these topics and define a research work plan, the SCI-ET-049 group was initiated in January 2019. Nations involved in the group are Canada, Finland, Netherlands, United Kingdom, and United States. The group met seven times, by teleconference from January to September 2019 to discuss the initial SCI-300 proposal and assess the viability for collaborative work and formulate this technical activity proposal.
The proposed RTG has three scientific objectives:
1. Definition of CPS resilience in the context of NATO operations;
2. Demonstration of process(es) for defining CPS resilience requirements for a CPS of interest; and
3. Identification and demonstration of approaches, methodologies, tools, etc. to test and evaluate CPS resilience.
Expected deliverables include:
1. A report defining CPS resilience in the context of NATO Operations and with references to existing work;
2. A report defining resilience requirements for CPS of interest based on an operationally realistic case study; and
3. A report identifying and demonstrating approaches and methodologies to test and evaluate CPS resilience.