Cyber-physical systems and their impact for federal CIOs

Coined by Helen Gill at the National Science Foundation, cyber-physical systems (CPS) are integrations of computation, networking and physical processes. More accurately, embedded computers and networks that monitor and control the physical processes, with feedback to physical processes that affect computations and vice versa.

On this episode of CyberChat, host Sean Kelley, former chief information security officer at the Environmental Protection Agency and Jerry Davis, chief information officer at NASA Ames, discuss the prevalence of CPS in our society and some key challenges and opportunities.

Cyber-physical systems already exist in automotive systems, manufacturing, medical devices, military systems, assisted living, traffic control and safety, process control, power generation, aircraft and many more areas. The projected benefits or future opportunities look even brighter with development of next-generation airplanes, self-driving cars and fully-autonomous urban living.

But one can’t ignore the challenges that come with CPS, namely security. “They were not originally designed with security in mind,” Davis said. “They were designed for functionality and for their ability do real-time processing and create actuation on some physical process. It’s just now we’re getting around to the point that we’re finding that security is absolute paramount to a good order and keeping critical infrastructure running.”

Another big challenge, particularly in the aviation and transportation sector, Davis said, is safety. “So, today that is a big focus in this new community of cyber professionals and researchers who are rolling over into the area of cyber-physical systems and trying to determine what is that we need to do to ensure safety of different aircraft,” Davis said.

Because a lot of cyber-physical systems weren’t designed with security in mind, “a device that is compromised becomes exacerbated — when you connect them to the internet, you connect them onto a physical network,” David said. Some of these challenges can be alleviated when large technology companies, that understand security better, focus on delivering the next-generation CPS.

Because of the security concerns, Davis believes the CISO/CIO community is not ready to tackle the current or future challenges of CPS. “Cyber-physical systems incorporate some level of commoditized IT, but it’s very highly specialized outside of that. So, the skill sets you need to design security schemas around that is very different than what we have today,” David said.

Top Takeaways

1. Cyber-physical systems are prevalent in every sector of our society.

2. Opportunities include next-generation airplanes, self-driving cars, and fully-autonomous urban living.

3. Most CPS were designed with functionality in mind, not security.

4. In the automotive, aviation, and healthcare sector, safety is another key challenge facing CPS.

5. Internet of dangerous things creates challenges.

6. The CISO/CIO community is not ready to tackle CPS.