In cyber-physical systems, an enormous amount of sensors and actuators come together to interact with each other as well as with the environment. This huge complexity gives rise to various technical and scientific challenges that need to be addressed in order to achieve the vision of pervasive and ubiquitous cyber-physical system.
When computer systems interact with the real world, we have to deal with the continuously changing environment within the discrete processes of a computer. This requires us to harmonize models reflecting the continuous environment, possibly having an infinite amount of states, with models for the discrete computing system with a finite amount of states. This requires novel mathematical approaches handling the discrete-continuous duality of such a situation. Such a situation already occurred in the physics, with the particle-wave (that is, discrete-continuous) duality. This showed that light and elementary components of atoms are neither particles, nor waves, but both. In this case, the harmonization happened within quantum mechanics by using a probabilistic approach, where discrete probability distributions model the discrete aspects, and the continuous probability distributions model the continuous aspects. An intriguing aspect of this theory is the use of complex numbers in order to model the wave-function of the elementary components, and the question is, when such numbers are going to enter the arena of computer science, too.
Due to the enormous amounts of devices expected to interact with each other in the near future, currently used approaches for architectures will not be sufficient to deal with the arising complexity [6, 7]. Additionally, the functionality of the individual devices is increasing at the same time. Therefore, we will have to work towards new ways of building applications with an incomprehensive number of devices with currently unknown capabilities. Furthermore, we require special operating systems for cyber-physical systems. A so called cyber-physical system has to deal with various problems which need to be tackled by the CPS-OS such as:
Openness: Allow interaction with possibly new devices entering the system to achieve common goals. If the current device has spare resources, it may accept tasks from other devices in the network.
Isolation: Allow a device to isolate itself in order to achieve its own goals within the given time. This is important to ensure a device cannot be hijacked by other devices and their offloaded tasks.
Safety: CPS/IoT will be pervasive, and our lives are going to depend on it. As a consequence, we have to make sure that it will behave as intended. This is especially important when we think of safety-critical applications and its implications such as autonomous driving.
Security: The CPS-OS is required to safeguard the data that is being transferred to other devices. This is especially important when offloading tasks to other devices with sensible data. Alternatively, the CPS-OS has to ensure that sensible data does not leave the device unauthorized.
Privacy: There should be no way to identity the owner of a device without proper authorization. This includes information that might be used to reveal the identity of the owner of the device.
Extensibility and Discovery: Allow new devices to join network in order to achieve common goals faster. New devices need to be discovered autonomously by the already joined devices in the network. In addition, the network has to be able to learn about the capabilities of these newly joined devices in order to utilize it as a new resource. At the same time, the new device has to be able to gain knowledge about the capabilities already available in the network.
Robustness: Removing devices from the application, may not affect the performance of the system. If applications or processes rely on specific devices, the network has to be able to deal with failing or removing of such devices using respective mechanisms.
Self-protecting: Detect and fend off attacks from the outside as well as malicious or contra-productive devices trying to join the network. This is obviously problematic as it is contradicting the openness aspect of the CPS-OS. Hence the network requires clear protocols, reasons, and taxonomies to lock out specific devices. These taxonomies and reasons might be defined and negotiated by the devices of the network at runtime.
Self-maintenance: Ensure functionality in standard as well as in uncertain situation. This includes handling resources such as memory or battery levels but also that performed actions achieve the expected outcome. If this outcome is not achieved, the process might be adapted accordingly. This may happen through autonomous adaptation but also through coordinated software updates.
Self-awareness: The individual devices have to be aware of their own capabilities and the corresponding impact of own action on the environment and other devices. Additionally, they need to be able to handle actions performed by other devices in the network, whether these actions are beneficial or disadvantageous for their own goals.
Connectivity: The devices in the networks are not operating in isolation but should also have the capability to connect to the web and cloud services.
Location: The individual devices might need to be able to localize other devices. This can be done only relative to their own location or in absolute space. Furthermore, this can only be a semantic proximity. In any case, this proximity can further be exploited for improving collaboration between the individual nodes.
Data Storage: Data needs to be stored in a distributed fashion among the devices. At the same time, neither the user or the applications need to be concerned about the actual location of the data.
Communication: The devices have to be able to communicate with each other. How this is implemented may not affect the performance of the application running on the devices or the user using them.
Time: Timing might be crucial for certain applications. This is with respect to communication as well as with sensing. In sensing, important events may not be missed. In communication, it might require the devices to synchronize and operate with time constraints.
One of the biggest challenges of CPS is not space-time in general, representing events at certain times in space, but rather how they are conceived by the number of varying systems. In a CPS with heterogeneous systems, there can be three different problems: synchronicity, frequency, and granularity. Synchronicity can be a problem if we consider a sine wave where two sensors measure the system with a frequency of but are off by a certain time. This would result in completely contrary measurements. In a similar fashion, frequencies are problematic when results should be compared or combined and hence need to be considered explicitly. Granularity refers to how well the environment can be sensed. If fine granular sensors are combined with coarse granular sensors, a mechanism has to be devised in order to achieve meaningful results. While this can be solved manually for two arbitrary sensors, however, given the large number of sensors in a CPS, this needs to be automated. Hence, each device has to be aware of its own sensors capabilities.
In CPS, multiple systems are combined to form a larger system, operating in the real environment. This requires the CPS to deal with the inherent uncertainty of this environment coming about two main reasons. First, the CPS only has partial knowledge of its environment. This can happen either due to insufficient distribution of sensors, the frequency of the sensing units not being high enough, or the granularity not being sufficient in order to sense an event. Second, the CPS only has limited resources to observe the environment. This means, events might have been disregarded as to conserve resources. This ranges from conceptual models on how to deal with uncertainty  to approaches on how to use the available information to overcome the obstacles of uncertainty [9, 10].
While the safety of a CPS might be achieved through the sheer number of sub-systems involved, developers have to consider techniques to ensure safety of the system in case important sub-systems fail during runtime . This can be achieved through self-healing processes and autonomous integration of new systems in the CPS. This capability will inevitably lead towards emergent behavior—behavior the designer of the system has not originally intended but is a result of its capabilities and interactions. On how to detect and control such a behavior, especially when it is not beneficial for the user, is a very hard challenge that needs to be solved. However, the interplay between guaranteeing safety and ensuring security of the system is an important aspect to be considered CPS .
In large-scale cyber-physical systems, the gathered information needs to be secured on all levels. Weather it is on the sensor level monitoring the general environment or personalized sensors (e.g. heart rate) but also on the network level, where data is exchanged among sensors and aggregation nodes up to the cloud storage. The system has to guarantee that no unauthorized person is able to access the devices or the generated data. This is of particular importance when devices or machines in direct interaction with humans. Having insufficient security may give access to unauthorized persons which may cause not only financial but also human damage [13, 14].
Similar to security, privacy is a big issue in upcoming cyber-physical systems. If personalized data is exchanged among multiple sensor nodes or aggregated for further analysis, it has to be impossible to map the gathered data to a specific person. While in many situations, it is important to be able to map information to a specific person, in a cyber-physical system this may only happen in an anonymized fashion. There is a lot of ongoing research tackling the different problems and issues arising with shared information and privacy in IoT and CPS [15–17].
Having large number of sensors and actuators in single cyber-physical system, inevitably requires the individual devices to feature some kind of smartness. Having such large number of devices in the near future requires us to develop approaches which allow the individual devices operate autonomously without the interaction of an operator. This includes self-localization, self-organization, self-identification, self-configuration, self-healing, self-optimization, and self-aware capabilities [18–21]. While the individual device may only have very limited capabilities, in combination with other devices the system is expected to exhibit a more rational behavior. These capabilities may reach from simple discovery and self-localization mechanisms to more complex such as learning, information exchange and integration/aggregation, and self-adaptation mechanisms to deal with changing environments.
Additionally, we consider the large number of devices introducing different levels of smartness as a benefit as different situation might require different capabilities. The heterogeneous mix of abilities allows to cope with different problems and select the most appropriate ones for the given situation without wasting resources by too powerful approaches . In this respect, there is a lot to learn from biology, and we have made huge strides in this direction.