Safety & Security Co-engineering
by Poul Heegaard and Erwin Schoitsch
In a highly interconnected world, a finite number of independently operable and manageable systems are networked together to achieve a higher goal as constituent systems of a ‘System-of-Systems’ (SoS), also referred to as a ‘Digital Ecosystem’. Systems of Systems - characterized by self-organization, autonomous constituent systems, continuous evolution, scalability and sustainability - provide both economic and social value. Examples of SoS include: the smart power grid with power plants and power distribution and control, smart transport systems (rail, traffic management with V2V and V2I facilities for highly automated or autonomous driving, air traffic control systems), advanced manufacturing systems (industry 4.0), mobile co-operating autonomous robotic systems or vehicles, health-care systems, smart buildings and neighbourhoods - from local communities through to smart cities.
The main purpose of Systems-of-Systems (SoS) is to provide new services, but with highly interacting and interdependent ICT systems relying on critical infrastructures, new threats and challenges arise. Very often constituent systems are legacy systems not designed for integration into a system-of-systems, which is another challenge for achieving and proving trustworthiness. Services delivered involve a chain of stakeholders that share the responsibility for providing robust and secure services with stable and good performance. The relationship between the interacting stakeholders is agreed upon in Service Level Agreements (SLAs), which give guarantees on the non-functional properties of the services. How can we trust the services of such Systems-of-Systems? How can safe, reliable and secure interoperability of critical services be guaranteed? How should they be designed, implemented, deployed, operated and managed?
One crucial challenge is the operation of the SoS. In order to make optimal use of available resources, the (sub-)systems and their operation become more complex as interconnectedness increases. The support system itself contributes to this complexity, as do the public ICT services, which rely on cooperation between multiple stakeholders and an overall system that is not engineered as a whole. Consequently, there is no aggregated insight into the design and operation of the SoS. Coordinated management would require co-operation between multiple network domains and various technologies and stakeholders.
In this context, the constituent systems to be considered are not only the complex ICT systems themselves, but also Cyber-physical systems (CPS), i.e. embedded ICT systems with a strong relationship to physics and mechatronics, which interact with each other and with an unpredictable environment. The result may be ‘emergent properties’ - unforeseen or unpredicted behaviour that may have critical effects. Cyber-physical Systems-of-Systems (CPSoS) must be adaptable, reconfigurable and extendable during their lifetime, since the classical predictability assumptions of safety and cyber-security assessment and certification no longer hold.
Society strongly depends on ICT and CPSoS services, which have to be trustworthy since the negative impact of a failure or cyber attack might have considerable consequences for society. Thus, the system and service dependability (safety, security, reliability, availability, maintainability, etc.), as well as resilience, robustness, and sustainability, must be evaluated in a holistic manner. Therefore, European research programmes and complementary national research programmes are targeting CPSoS as a research topic. Individuals and economies are becoming increasingly dependent on these systems – but how can we achieve trust in their dependability, performance, safety, security and privacy? Several challenges and questions arise:
- How can we achieve trust in SoS?
- How to conduct safety and cyber-security co-assessment, co-engineering and certification/qualification?
- What are the challenges in resilience, robustness, sustainability – and how may we achieve these properties?
- What are the challenges of dependable services and interoperability of systems and services?
- Which safety and security standards should we apply? Which gaps should be covered? What are the recent developments in this area?
- How can reliable, safe and secure interoperability of systems and services be achieved? (frameworks and standards)
- Which design, development and verification and validation, and certification/qualification paradigms have to change? What are the recent developments in this area?
- How can we manage the complex requirements of constituent systems (multi-role, multi-actor, multi-user, multi-technology) and their interaction with each other and with other critical systems (e.g. power systems, health care, transportation, financial systems)?
- What are some examples of challenges from different domains and how are these challenges being addressed?
- How can highly interdependent systems be run optimally without knowing the finer details of all systems involved?
- Can such SoS be operated and managed by multiple entities with only a business agreement (e.g. SLA) between them?
- How can responsibilities and liabilities be managed when there are many third-party suppliers?
- How can evolutionary processes, changes, reconfigurations and adaptations during the lifetime be managed, and how can trust be guaranteed and maintained over time?
This ERCIM News issue features a keynote by Werner Steinhögl, Programme Officer at the European Commission, Components and Systems, Directorate General CONNECT, highlighting the importance of trustworthiness of systems of systems for the digitalization of industry and European competitiveness in the industrial systems market and industrial production. This implies widespread support of collaborative research and innovation in the area of systems of systems, embedded/cyber-physical systems, safety and security, Internet of Things in Horizon 2020 in the JTI ECSEL.
In the special theme section, the keynote is complemented by an invited article by Andreas Wild, Executive Director of the ECSEL (Electronic Components and Systems for European Leadership) JU (Joint Undertaking) on strategic activities in the context of the ECSEL Joint Technology Initiative and its predecessors, the ARTEMIS and ENIAC JUs. Here, selected projects are outlined to illustrate the areas of power electronics and electric mobility.
The 17 regular articles of the special section are clustered into subsections comprising three or four articles according to their main messages and subtopics:
- Overview articles, networks and cross-cutting projects,
- Safety & Cybersecurity co-engineering,
- Building and verifying trustworthy SoS,
- Methods, techniques and tools,
- Applications, emergency recovery.
This clustering will help the reader navigate the wide area of safe, secure and reliable (dependable) engineering of systems of systems. Most of the aforementioned challenges and questions are tackled in these articles.
Austrian Institute of Technology, Austria