Analysing Security Threats for Cyber-Physical Systems

  • Shafiq ur RehmanEmail author
  • Manuel De Ceglia
  • Volker Gruhn
Conference paper
Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 70)


Cyber-physical systems have established as an essential part of the modern world and will grow in amount and complexity in the future. In the beginning, this paper provides an overview of CPS architecture, where we describe basic components at three different OSI reference model layers that includes: the human machine interface (application layer), supervisory control and data acquisition (network layer) and programmable logic controllers (physical layer). Since the physical layer enables direct contact to human beings, security is an important factor in the development process. Nonetheless, cyber-physical systems become more and more complicated and offer a wide surface of vulnerabilities which can be exploited through external threats. Since attacks can be launched at every single layer, a wide area of different threats can be inherited and need to be avoided by appropriate security measures. The main contribution of this paper is to provide a security threat tool, where we determine threats and vulnerabilities in cyber-physical systems at the application, the network and the physical layer. Furthermore, the tool is able to suggest solutions which can prevent attacks against those identified threats.


Security Threat Vulnerability Asset PLC SCADA HMI Architecture Cyber-physical systems (CPS) 



This work has been supported by the European Community through project CPS.HUB NRW, EFRE Nr. 0-4000-17.


  1. 1.
    Rehman, S., Gruhn, V.: Security requirements engineering (SRE) framework for cyber-physical systems (CPS): SRE for CPS. In: New Trends in Intelligent Software Methodologies, Tools and Techniques: Proceedings of the 16th International Conference SoMeT_17, vol 297, p. 153. IOS Press, Sept 2017Google Scholar
  2. 2.
    Rehman, S., Gruhn, V.: Recommended architecture for car parking management system based on cyber-physical system. In: 2017 International Conference on Engineering & MIS (ICEMIS), pp. 1–6. IEEE, May 2017Google Scholar
  3. 3.
    Rehman, S., Gruhn, V.: An effective security requirements engineering framework for cyber-physical systems. Int. J. Inf. Commun. Technol. (Special Issue Cyber-Phys. Syst. Data Process. Commun. Architect.) 6(3). ISSN: 2227-7080; ESCI-WoS index (2018)Google Scholar
  4. 4.
    Todd, M., Koster, S.R., Wong, P.C.M.: Hewlett-Packard Enterprise Development LP, 2016. System and method for securing a network from zero-day vulnerability exploits. U.S. Patent 9,264,441Google Scholar
  5. 5.
    Humayed, A., Lin, J., Li, F., Luo, B.: Cyber-physical systems security—a survey. IEEE Internet Things J. 1–1 (2017)Google Scholar
  6. 6.
    Zimmermann, J.D.: OS1 reference model—the IS0 model of architecture for open systems interconnectionGoogle Scholar
  7. 7.
    Stallings, W., Brown, L.: Computer Security: Principles and Practice, 3rd edn. Pearson, Boston (2015)Google Scholar
  8. 8.
    Stallings, W.: Cryptography and Network Security: Principles and Practice, 7th edn. Pearson, Boston (2017)Google Scholar
  9. 9.
    Greensmith, J., Aickelin, U.: Firewalls, intrusion detection systems and anti-virus scanners (2005)Google Scholar
  10. 10.
    Steiner, J.G., Neuman, B.C., Schiller, J.I.: Kerberos: an authentication service for open network systems. In: USENIX Winter (1988)Google Scholar
  11. 11.
    Omar, S.: Information system security threats and vulnerabilities: evaluating the human factor in data protection. Doctoral dissertation (2017)Google Scholar
  12. 12.
    Kalloniatis, C., Mouratidis, H., Vassilis, M., Islam, S., Gritzalis, S., Kavakli, E.: Towards the design of secure and privacy-oriented information systems in the cloud: identifying the major concepts. Computer Stand. Interfaces 36(4), 759–775 (2014)CrossRefGoogle Scholar
  13. 13.
    Wells, L.J., Camelio, J.A., Williams, C.B., White, J.: Cyber-physical security challenges in manufacturing systems. Manuf. Lett. 2(2), 74–77 (2014)CrossRefGoogle Scholar
  14. 14.
    Wang, L., Törngren, M., Onori, M.: Current status and advancement of cyber-physical systems in manufacturing. J. Manuf. Syst. 37, 517–527 (2015)CrossRefGoogle Scholar
  15. 15.
    Abomhara, M.: Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. J. Cyber Secur. Mobil. 4(1), 65–88 (2015)CrossRefGoogle Scholar
  16. 16.
    Papp, D., Ma, Z., Buttyan, L.: Embedded systems security: threats, vulnerabilities, and attack taxonomy. In: 13th Annual Conference on Privacy, Security and Trust (PST), pp. 145–152. IEEE, July 2015Google Scholar
  17. 17.
    Kornecki, A.J., Subramanian, N., Zalewski, J.: Studying interrelationships of safety and security for software assurance in cyber-physical systems: approach based on bayesian belief networks. In 2013 Federated Conference on Computer Science and Information Systems (FedCSIS), pp. 1393–1399. IEEE, Sept 2013Google Scholar
  18. 18.
    Mo, Y., Kim, T.H.J., Brancik, K., Dickinson, D., Lee, H., Perrig, A., Sinopoli, B.: Cyber–physical security of a smart grid infrastructure. Proc. IEEE 100(1), 195–209 (2012)CrossRefGoogle Scholar
  19. 19.
    Kushner, D.: The real story of Stuxnet. IEEE spectrum: technology, engineering, and science news, 26-Feb-2013. Available: Accessed 15 Nov 2017
  20. 20.
    Karnouskos, S.: Stuxnet worm impact on industrial cyber-physical system security. In IECON 2011-37th Annual Conference on IEEE Industrial Electronics Society, pp. 4490–4494. IEEE, Nov 2011Google Scholar
  21. 21.
    Slay, J., Miller, M.: Lessons learned from the Maroochy water breach. Crit. Infrastruct. Prot. 73–82 (2007)Google Scholar
  22. 22.
    Zhu, B., Joseph, A., Sastry, S.: A taxonomy of cyber-attacks on SCADA systems. In: Internet of things (iThings/CPSCom), 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing, pp. 380–388. IEEE, Oct 2011Google Scholar
  23. 23.
    Zanella, A., Bui, N., Castellani, A., Vangelista, L., Zorzi, M.: Internet of things for smart cities. IEEE Internet of Things J 1(1), 22–32 (2014)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Shafiq ur Rehman
    • 1
    Email author
  • Manuel De Ceglia
    • 1
  • Volker Gruhn
    • 1
  1. 1.Institute of Software TechnologyUniversity of Duisburg-EssenEssenGermany

Personalised recommendations