Describe-Disrupt-Determine: A review of resilience analysis for cyber-physical systems

Cyber-physical systems (CPSs) are computer or digital systems monitored and controlled by a computing and communicating core. These systems have multiple parts that interact and tend to have physical and software components that are interdependent. Some examples of CPSs include smart infrastructure systems, such as smart electrical grids, and driverless cars.

While it enables better management of the system, the cyber layer introduces the possible threat of cyberattacks and disruptions. With increasing interest in governance and security policy for CPSs, how can we analyse and understand resilience for CPSs?

In their paper, external pageResilience analysis of cyber-physical systems: A review of models and methodscall_made. Dr Beatrice Cassottana of FRS and her co-writers provide a quantitative assessment of CPSs before and after the occurrence of a disruption. They develop a CPS resilience assessment framework consisting of three steps:

1. The CPS description – What physical, cyber and control components are involved, and the models uses to attribute them
2. The disruption – What kind of disruption scenarios take place, and how to induce the damage, and
3. The resilience strategy – What kind of strategy can be used to build resilience in CPSs, and the methods for modelling system recovery

At each step of the framework, they suggest established methods for CPS analysis and suggest four criteria for method selection.

Finally, they apply their framework to a case study of a system disruption at a power substation and suggest resilience strategies based on their analysis. Through examining both the physical and cyber systems of a CPS, this framework aims to be a guide for the assessment of CPS resilience and lays the foundations for the development of resilience assessment tools.