Adaptive Framework for Security Attack Monitoring in Cyber-Physical Systems
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2025 (English), Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The dissertation presents an adaptive security framework for cyber-physical systems (CPSs) to address the growing challenges posed by evolving cyberattacks. CPSs rely on seamless integration between computational and physical components, making security breaches potentially catastrophic. Traditional methods often fail to keep pace with rapidly advancing threats. The proposed framework leverages real-time monitoring and adaptive model predictive control to dynamically adjust defences based on the threat type, frequency, and severity. By forecasting the impact of various strategies, the system identifies optimal responses to enhance resilience and mitigate risks. The approach strengthens CPS security by adapting to the continuously evolving threat landscape and safeguarding system integrity and functionality.

Place, publisher, year, edition, pages
Stockholm: Department of Computer and Systems Sciences, Stockholm University, 2025, p. 118
Series
Report Series / Department of Computer & Systems Sciences, ISSN 1101-8526 ; 25-007
Keywords [en]
Cyber-Physical Systems, Adaptive Security, Cybersecurity, Cyber Threat Intelligence, Critical Infrastructure Protection, Resilience Engineering
National Category
Computer Sciences; Software Engineering; Security, Privacy and Cryptography
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-245872; ISBN: 978-91-8107-364-5 (print); ISBN: 978-91-8107-365-2 (electronic); OAI: oai:DiVA.org:su-245872; DiVA, id: diva2:1991274
Public defence
2025-09-30, L30, NOD-huset, Borgarfjordsgatan 12 and online via Zoom, public link is available at the department website, Kista, 14:00 (English)
Opponent
Supervisors
Available from: 2025-09-05 Created: 2025-08-22 Last updated: 2025-08-29. Bibliographically approved
List of papers
1. Towards Security Attack Event Monitoring for Cyber Physical-Systems
2023 (English). In: Proceedings of the 9th International Conference on Information Systems Security and Privacy (ICIISSP 2023) / [ed] Paolo Mori; Gabriele Lenzini; Steven Furnell, SciTePress, 2023, p. 723-733. Conference paper, Published paper (Refereed)
Abstract [en]

In today’s software systems, security is one of the major issues that need to be considered when designing Cyber Physical-Systems (CPS). CPS are engineered systems built from, and depend upon, the seamless integration of computational algorithms and physical components. Security breaches are on the rise, and CPS are challenged by catastrophic damage, which resulted in billions of losses. Security Solutions to the Cyber Physical-Systems that we have are likely to become obsolete. Even though security agents issue new sets of vulnerability indicators and patches to address the security breach, these vulnerability indicators change over time, which is a perpetual process. We argue that any security solution for the Cyber Physical-Systems should be adaptive, based on the type of attacks and their frequency. The security solution should monitor its environment continuously to defend itself from a cyber-attack by modifying its defensive mechanism. We propose a framework for modelling, analyzing and monitoring security attacks (events) in the social, cyber and physical infrastructure realms of CPS. The framework is evaluated using security attack scenarios from a recognized security knowledge repository.

Place, publisher, year, edition, pages
SciTePress, 2023
Series
Proceedings of the International Conference on Information Systems Security and Privacy (ICISSP), E-ISSN 2184-4356
Keywords
Cyber Physical-Systems, Industrial Internet of Things, Security Requirements, Goal Model, Attack Pattern, Domain Assumption
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-222629 (URN); 10.5220/0011803400003405 (DOI); 2-s2.0-85176324274 (Scopus ID); 978-989-758-624-8 (ISBN)
Conference
The 9th International Conference on Information Systems Security and Privacy (ICIISSP 2023), 22–24 February 2023, Lisbon, Portugal
Available from: 2023-10-13 Created: 2023-10-13 Last updated: 2025-08-22. Bibliographically approved
2. Evaluation of Asfalia, a Security Attack Event Monitoring Framework
2024 (English). In: Procedia Computer Science, E-ISSN 1877-0509, Vol. 237, p. 793-802. Article in journal (Refereed), Published
Abstract [en]

Cyber security has been a growing concern for large organizations, especially financial and governmental institutions, as security breaches in the systems they depend on have repeatedly resulted in losses of billions of dollars per year, and this cost is on the rise. A primary reason for these breaches is that the systems in question are cyber-physical - a mix of people, processes, technology, and infrastructure. However, existing security solutions for cyber-physical systems are likely to become obsolete; even though security agents issue new sets of vulnerability indicators and patches to address security breaches, these vulnerability indicators change over time, which is a never-ending process. To tackle this problem, a multi-realm security attack event monitoring framework was proposed to monitor, model, and analyse security events in social (business process), cyber, and physical infrastructure components of cyber-physical systems. In this paper, we evaluate this security attack event monitoring framework. The evaluation was performed by using a large-scale case study on a medical emergency response system.

 

Place, publisher, year, edition, pages
Elsevier B.V., 2024
Keywords
attack pattern, cyber physical-systems, cyber security, Domain Assumption, industrial Internet of Things, runtime model
National Category
Computer Systems
Identifiers
urn:nbn:se:su:diva-236089 (URN); 10.1016/j.procs.2024.05.167 (DOI); 2-s2.0-85195398483 (Scopus ID)
Conference
International conference on industry sciences and computer science innovation
Available from: 2024-11-28 Created: 2024-11-28 Last updated: 2025-08-22. Bibliographically approved
3. Security Attack Behavioural Pattern Analysis for Critical Service Providers
2024 (English). In: Journal of Cybersecurity and Privacy, E-ISSN 2624-800X, Vol. 4, no 1, p. 55-75. Article in journal (Refereed), Published
Abstract [en]

Identifying potential system attacks that define security requirements is crucial to building secure cyber systems. Moreover, the attack frequency makes their subsequent analysis challenging and arduous in cyber–physical systems (CPS). Since CPS include people, organisations, software, and infrastructure, a thorough security attack analysis must consider both strategic (social and organisational) aspects and technical (software and physical infrastructure) aspects. Studying cyberattacks and their potential impact on internal and external assets in cyberspace is essential for maintaining cyber security. The importance is reflected in the work of the Swedish Civil Contingencies Agency (MSB), which receives IT incident reports from essential service providers mandated by the NIS directive of the European Union and Swedish government agencies. To tackle this problem, a multi-realm security attack event monitoring framework was proposed to monitor, model, and analyse security events in social (business process), cyber, and physical infrastructure components of cyber–physical systems. This paper scrutinises security attack patterns and the corresponding security solutions for Swedish government agencies and organisations within the EU’s NIS directive. A pattern analysis was conducted on 254 security incident reports submitted by critical service providers. A total of five critical security attacks, seven vulnerabilities (commonly known as threats), ten attack patterns, and ten parallel attack patterns were identified. Moreover, we employed standard mitigation techniques obtained from recognised repositories of cyberattack knowledge, namely, CAPEC and Mitre, in order to conduct an analysis of the behavioural patterns.

Keywords
Security pattern, IT-incidents, societal safety, cyber–physical systems, essential services, NIS-directive, socio-technical system, cyberattack
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-225867 (URN); 10.3390/jcp4010004 (DOI); 2-s2.0-85188965873 (Scopus ID)
Note

Special Issue, Secure Software Engineering

Available from: 2024-01-24 Created: 2024-01-24 Last updated: 2025-08-22. Bibliographically approved
4. An Automated Adaptive Security Framework for Cyber-Physical Systems
2024 (English). In: The International Conference on Information Systems Security and Privacy (ICISSP 2024) / [ed] Gabriele Lenzini, Paolo Mori, Steven Furnell, SciTePress, 2024, p. 242-253. Conference paper, Published paper (Refereed)
Abstract [en]

The paper promotes the notion that any security solution for cyber-physical systems (CPS) should be adaptive and based on the type of attacks and their frequency. Namely, the solution should monitor its environment continuously to defend itself from a cyber-attack by modifying its defensive mechanism. Moreover, the research provides analyses of situations where the environment changes dynamically over time, requiring the designated adaptation to contemplate and respond adequately to these changes. In particular, it explores applying adaptive model predictive control concepts derived from control theory to develop specific adaptive security solutions. These systems can make decisions by forecasting their future performance for various modes or options of adaptation. Using quantitative information, the software then selects the adaptations that minimise the cost associated with security failures. This is highly significant considering that CPS are engineered systems built from and depend upon the seamless integration of computational algorithms and physical components. Moreover, security breaches are rising, and CPS are challenged by catastrophic damage, resulting in billions of losses making many of today’s solutions obsolete. While security agents issue new sets of vulnerability indicators and patches to address security breaches, these changes are continuous processes ad infinitum. A case study on a medical emergency response system illustrates the essential and salient futures of the proposed adaptive security framework for CPS.

Place, publisher, year, edition, pages
SciTePress, 2024
Series
Proceedings of the International Conference on Information Systems Security and Privacy (ICISSP), E-ISSN 2184-4356
Keywords
Security Engineering, Control Theory, Adaptive Systems, Security Solution, Multiple Failure, Cyber-Physical Systems
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-237088 (URN); 10.5220/0012469100003648 (DOI); 2-s2.0-85190838421 (Scopus ID); 978-989-758-683-5 (ISBN)
Conference
The 10th International Conference on Information Systems Security and Privacy (ICISSP 2024), 26-28 February 2024, Rome, Italy.
Available from: 2024-12-10 Created: 2024-12-10 Last updated: 2025-08-22. Bibliographically approved
5. XA4AS: Adaptive Security for Multi-Stage Attacks
2024 (English). In: Proceedings of the 9th International Conference on Internet of Things, Big Data and Security IoTBDS - Volume 1, Science and Technology Publications, Lda, 2024, p. 284-293. Conference paper, Published paper (Refereed)
Abstract [en]

Identifying potential system threats that define security requirements is vital to designing secure cyber systems. Furthermore, the high frequency of attacks poses an enormous obstacle in analysing cyber-physical systems (CPS). The paper argues for the idea that any security solution for cyber-physical systems (CPS) should be adaptive and tailored to the specific types of threats and their frequency. Specifically, the solution should consistently monitor its surroundings in order to protect itself from a cyber-attack by adjusting its defensive measures. Understanding cyberattacks and their potential consequences on both internal and external assets in cyberspace is essential for preserving cyber security. The importance appears in the work of the Swedish Civil Contingencies Agency (MSB), which collects IT incident reports from vital service providers required by the NIS directive of the European Union and Swedish government agencies. The proposed solution is the Adaptive security framework, which aims to simplify the development of analytical models for implementing model predictive control and adaptive security solutions in the field of CPS. This study analyses security attacks and corresponding security measures for Swedish government agencies and organisations under the European Union’s NIS mandate. A thorough analysis of adaptive security was conducted on 254 security incident reports provided by vital service providers. As a result, an overall total of five security measures were identified.

Place, publisher, year, edition, pages
Science and Technology Publications, Lda, 2024
Series
International Conference on Internet of Things, Big Data and Security, IoTBDS - Proceedings, E-ISSN 2184-4976
Keywords
Adaptive Systems, Control Theory, Cyber-Physical Systems, Multiple Failure, Security Engineering, Security Solution
National Category
Other Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:su:diva-236104 (URN); 10.5220/0012707400003705 (DOI); 2-s2.0-85193957828 (Scopus ID); 978-989-758-699-6 (ISBN)
Conference
Proceedings of the 9th International Conference on Internet of Things, Big Data and Security IoTBDS, Angers, France, 2024
Available from: 2024-12-02 Created: 2024-12-02 Last updated: 2025-08-22. Bibliographically approved
6. Cyber Resilience Using ASFA: DORA-Compliant Threat-Led Penetration Testing
2025 (English). In: Critical Information Infrastructures Security: 19th International Conference, CRITIS 2024, Rome, Italy, September 18–20, 2024, Revised Selected Papers / [ed] Gabriele Oliva, Stefano Panzieri, Bernhard Hämmerli, Federica Pascucci, Luca Faramondi, Springer Nature, 2025, p. 269-288. Conference paper, Published paper (Refereed)
Abstract [en]

The financial sector is experiencing an increase in cyber incidents, prompting numerous firms to outsource IT infrastructure management. A primary factor contributing to these breaches is that the impacted systems are socio-technical systems (STSs), which include not only technical components such as software and hardware but also physical elements (e.g., robotics, mobility) and social components (e.g., human actors, business processes, and organizational units). Evaluating STS security breaches requires a holistic approach, considering human, organizational, software, and infrastructural elements. The study involves combining strategic factors, including social and organizational dynamics, with technical components such as software and physical infrastructure.

In our previous work, we developed a security attack-monitoring system to tackle these challenges. This framework was developed to monitor, analyze, and model security incidents across the social, cyber, and physical dimensions of cyber-physical systems (CPS). This paper employs the framework to conduct threat-led penetration testing in accordance with the Digital Operational Resilience Act (DORA), thus improving the financial sector’s capacity to address information and communication crises. This study provides important insights into cyberattacks and their impact on the financial sector by examining security breaches reported to the Swedish Civil Contingencies Agency (MSB) by critical service providers. The experiment was performed in collaboration with a prominent Swedish financial institution.

Place, publisher, year, edition, pages
Springer Nature, 2025
Series
Lecture Notes in Computer Science (LNCS), ISSN 0302-9743, E-ISSN 1611-3349
Keywords
Incident Reporting, DORA, Cybersecurity, Cyber-Resilience, Risk Management, Penetration Testing
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-240585 (URN); 10.1007/978-3-031-84260-3_16 (DOI); 2-s2.0-105000827523 (Scopus ID); 978-3-031-84260-3 (ISBN); 978-3-031-84259-7 (ISBN)
Conference
The 19th International Conference on Critical Information Infrastructures Security (CRITIS 2024), September 18–20, 2024, Rome, Italy.
Available from: 2025-03-10 Created: 2025-03-10 Last updated: 2025-08-22. Bibliographically approved

Open Access in DiVA

Adaptive Framework for Security Attack Monitoring in Cyber-Physical Systems (2457 kB), 176 downloads
File information
File name: FULLTEXT01.pdf; File size: 2457 kB; Checksum (SHA-512):
10dc346c51cf81b94c6439387c58d0dc69ffc0bb65273a17e3feff01006f3d7b1a70e1eaa515935aa0fcf2752417d53f7c5ade6a3ee2fd3ab365adc22015ade2
Type: fulltext; Mimetype: application/pdf

Authority records

Seid, Elias
