Abstract
This chapter discusses a framework for improving security of cyber-physical systems through purposeful design, execution, and evolution of metasystem functions. State actors (i.e., government agencies), non-state actors (i.e., for-profit and non-profit organizations), and their systems operate under highly emergent and complex conditions. Under these conditions, system performance is not always deducible from the constituent systems. Moreover, such systems are often interdependent and dynamically interacting with other systems such that the state of each system is influenced by and is influencing states of the interconnected systems. In these conditions, leaving a system to develop through processes of ‘accretion’ (ad hoc evolution of a system) or ‘self-organization’ (totally unconstrained evolution of a system) might increase the probability of missing performance expectations. In contrast, ‘purposeful design’ is an invitation for a more determined engagement in system development to increase the probability of producing expected and desired performance. In this chapter, emerging research in Complex System Governance (CSG) is suggested as an emerging field to direct more purposeful design for systems. Specifically, a CSG enabled framework for security design focused on Cyber-Physical Systems (CPS) is provided. The framework, grounded in Systems Theory and Management Cybernetics, emphasizes more holistic design for integration, coordination, communication, and control for development of CPS.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
Security is taken in its broadest sense to include protection and deterrence, defense, developing international action and influence for cyber systems and interdependent systems in the cyberspace against cyber-threats—internal and external to the system of interest.
- 3.
Cyber security is typically concerned with the protection of internet connected systems (to include hardware, software and associated infrastructure), the data on them, and the services they provide, from unauthorized access, harm or misuse [1]. In this case, there is no distinction between issues (i.e., risks, threats, and vulnerabilities) at the system level and the metasystem level. MetaCyberSecurity attempts to address system and metasystemic issues recognizing that a system (including CPS-related systems) does not operate in isolation. This approach enables the consideration of internal and external system risks and vulnerabilities regardless of cause—malicious, technical, or natural.
References
HM Government (2016) National cyber security strategy 2016–2021, p 84. UK Cabinet Office, London. Retrieved from https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021
Clinton WJ (1996) Executive order 13010: critical infrastructure protection. Fed Reg 61(138):37345–37350
Gheorghe AV, Masera M, Weijnen MPC, De Vries JL (eds) (2006) Critical infrastructures at risk: securing the European electric power system (vel 9). Springer, Dordrecht
Linden EV (ed) (2007) Focus on terrorism, 9th edn. Nova Publishers, New York
Rasmussen J, Batstone R (1989) Why do complex organisational systems fail? World Bank environmental working paper, No. 20
Keating CB, Katina PF (2015) Editorial: foundational perspectives for the emerging complex system governance field. Int J Syst Syst Eng 6(1/2):1–14
European Southern Observatory (2008) Science with the VLTI. European Southern Observatory. Retrieved from http://www.eso.org/sci/facilities/paranal/telescopes/vlti/science.html
Masters H (2010) Transcript of the accretion of galaxies and stars. Prezi. Retrieved from https://prezi.com/fg0fw5pyu8nk/the-accretion-of-galaxies-and-stars/
Ashby WR (1962) Principles of the self-organizing system. In: von Foerster H, Zopf G (eds) Principles of self-organization. Pergamon Press, New York, NY, pp 255–278
ASCE (2009) Guiding principles for the nation’s critical infrastructure. American Society of Civil Engineers, Reston
Price JWH (1998) Simplified risk assessment. Eng Manag J 10(1):19–23
Gibson JE, Scherer WT, Gibson WF (2007) How to do systems analysis. Wiley, Hoboken, NJ
INCOSE (2011) Systems engineering handbook: a guide for system life cycle processes and activities, (3.2 ed). In: Cecilia H (ed) INCOSE, San Diego, CA
Weiss JW, Anderson D (2003) CIOs and IT professionals as change agents, risk and stakeholder managers: a field study. In: Proceedings of the 36th annual Hawaii international conference on system sciences, 2003. https://doi.org/10.1109/HICSS.2003.1174639
Holton GA (2004) Defining risk. Financ Anal J 60(6):19–25
Knight FH (1921) Risk, uncertainty, and profit. Hart, Schaffner & Marx; Houghton Mifflin Co, Boston, MA
Song C (2005) A methodological framework for vulnerability assessment for critical infrastructure systems, hierarchical holographic vulnerability assessment (HHVA), Thesis. ETH Zürich, Zürich. Retrieved from https://www1.ethz.ch/lsa/education/arb/old/archive/da_song_05
Katina PF, Pinto CA, Bradley JM, Hester PT (2014) Interdependency-induced risk with applications to healthcare. Int J Crit Infrastruct Prot 7(1):12–26. https://doi.org/10.1016/j.ijcip.2014.01.005
Vamanu BI, Gheorghe AV, Katina PF (2016) Critical infrastructures: risk and vulnerability assessment in transportation of dangerous goods—transportation by road and rail, vol 31. Springer, Cham, Switzerland
Einarsson S, Rausand M (1998) An approach to vulnerability analysis of complex industrial systems. Risk Anal 18(5):535–546
Holmgren A, Molin S, Thedéen T (2001) Vulnerability of complex infrastructure; power system and supporting digital communication system. Presented at the 5th international conference on technology, policy, and innovation, LEMMA Publishers, Utrecht, the Netherlands
Turner BL, Kasperson RE, Matson PA, McCarthy JJ, Corell RW, Christensen L, Eckley N, Kasperson JX, Luers A, Martello ML, Polsky C, Pulsipher A, Schiller A (2003) A framework for vulnerability analysis in sustainability science. Proc Natl Acad Sci 100(14):8074–8079. https://doi.org/10.1073/pnas.1231335100
Tokgoz BE, Gheorghe AV (2013) Resilience quantification and its application to a residential building subject to hurricane winds. Int J Disaster Risk Sci 4(3):105–114. https://doi.org/10.1007/s13753-013-0012-z
Sussman JM (2005) Perspectives on intelligent transportation systems. Springer, New York, NY
Katina PF (2015) Systems theory-based construct for identifying metasystem pathologies for complex system governance (Ph.D.). Old Dominion University, Virginia, United States
Guckenheimer J, Ottino JM (2008) Foundations for complex systems research in the physical sciences and engineering, p 21. Northwestern University: National Science Foundation, Evanston, IL
Hammond D (2002) Exploring the genealogy of systems thinking. Sys Res Behav Sci 19(5):429–439. https://doi.org/10.1002/sres.499
Laszlo E (1996) The systems view of the world: a holistic vision for our time. Hampton Press, Cresskill, NJ
Bertalanffy L (1968) General system theory: foundations, developments, applications. George Braziller, New York, NY
Ackoff R (1999) Re-creating the corporation: a design of organizations for the 21st century. Oxford University Press, Oxford
Arbesman S (2016) Overcomplicated: technology at the limits of comprehension. Current, New York
Bateson G (1972) Steps to an ecology of mind. Jason Aronson Inc, New York, NY
Bostrom N (2014) Superintelligence: paths, dangers, strategies. Oxford University Press, Oxford
Capra F (1996) The web of life: a new scientific understanding of living systems. Anchor Books, New York, NY
Casti J (2012) X-Events: complexity overload and the collapse of everything. William Morrow, New York, NY
Checkland PB (1999) Systems thinking, systems practice. Wiley, New York, NY
Churchman CW (1971) The design of inquiring systems. Basic Books, New York, NY
Flood RL, Carson ER (1993) Dealing with complexity: an introduction to the theory and application of systems science. Plenum Press, New York
François CO (ed) (2004) International encyclopedia of systems and cybernetics. Walter de Gruyter, München, Germany
Klir GJ (ed) (1972) Trends in general systems theory, 1st edn. Wiley, New York, NY
Martin J (2006) The meaning of the 21st century: a vital blueprint for ensuring our future. Riverhead Books, New York, NY
Simon HA (1973) The organization of complex systems. In: Pattee HH (ed) Hierarchy theory: the challenges of complex systems. George Braziller, New York, NY, pp 1–27
Skyttner L (2005) General systems theory: problems, perspectives, practice, 2nd edn. World Scientific Publishing Co., Pte. Ltd., Singapore
Taleb NN (2010) The black swan: the impact of the highly improbable. Random House Trade Paperbacks Edition, New York, NY
von Bertalanffy L (1972) The history and status of general systems theory. Acad Manag J 15(4):407–426. https://doi.org/10.2307/255139
Warfield JN (1999) Twenty laws of complexity: science applicable in organizations. Sys Res Behav Sci 16(1):3–40
Adams KM, Hester PT, Bradley JM, Meyers TJ, Keating CB (2014) Systems theory as the foundation for understanding systems. Sys Eng 17(1):112–123. https://doi.org/10.1002/sys.21255
Gaines BR (1977) Progress in general systems research. In: Klir GJ (ed) Applied general systems research: recent development and trends. Plenum Press, New York, NY, pp 3–28
Monod J (1974) On chance and necessity. In: Ayala FJ, Dobzhansky T (eds) Studies in the philosophy of biology. Macmillan Press, London, UK, pp 357–375
Clemson B (1984) Cybernetics: a new management tool. Abacus Press, Tunbridge Wells, Kent, UK
Katina PF (2015) Emerging systems theory–based pathologies for governance of complex systems. Int J Sys Sys Eng 6(1/2):144–159
Stichweh R (2011) Systems theory. In: Badie B, Berg-Schlosser D, Morlino L (eds) International encyclopedia of political science, vol 8. SAGE, New York, NY, pp 2579–2588
Strijbos S (2010) Systems thinking. In: Frodeman R, Klein JT, Mitcham C (eds) The Oxford handbook of interdisciplinarity. Oxford University Press, USA, New York, NY, pp 453–470
Weinberg GM (1975) An introduction to general systems thinking. Wiley, New York, NY
Whitney K, Bradley JM, Baugh DE, Chesterman CW (2015) Systems theory as a foundation for governance of complex systems. Int J Sys Sys Eng 6(1–2):15–32. https://doi.org/10.1504/IJSSE.2015.068805
Jackson MC (2003) Systems thinking: creative holism for managers. Wiley, Chichester, UK
Katina PF, Calida BY (2017) Complex system analysis for engineering of systemic failures. In: Hopkins M (ed) Systems engineering: concepts, tools and applications. Nova Science Publishers, New York, NY, pp 105–132
Jackson MC (1991) Systems methodology for the management sciences. Plenum Press, New York, NY
Crownover MWB (2005) Complex system contextual framework (CSCF): a grounded-theory construction for the articulation of system context in addressing complex systems problems. Dissertation, Old Dominion University, Norfolk, VA, United States
Katina PF, Keating CB, Gheorghe AV, Masera M (2017) Complex system governance for critical cyber-physical systems. Int J Crit Infrastruct 13(2/3):168–183. https://doi.org/10.1504/IJCIS.2017.088230
Katina PF, Keating CB, Gheorghe AV (2016) Cyber-physical systems: complex system governance as an integrating construct. In: Yang H, Kong Z, & Sarder MD (eds) Proceedings of the 2016 industrial and systems engineering research conference. IISE, Anaheim, CA
US Congress (2001) Uniting and strengthening America by providing appropriate tools required to intercept and obstruct terrorism (USA PATRIOT ACT) Act of 2001 (No. 147) (p. 115 Stat. 271–402). Washington, DC: 107th Congress. Retrieved from http://www.gpo.gov/fdsys/pkg/PLAW-107publ56/content-detail.html
Alur R (2015) Principles of cyber-physical systems. MIT Press, Cambridge, MA
Khaitan SK, McCalley JD (2015) Design techniques and applications of cyberphysical systems: a survey. IEEE Syst J 9(2):350–365
Adepu S, Mathur A (2016) Generalized attacker and attack models for cyber physical systems, pp 283–292. IEEE, Atlanta, GA, USA. https://doi.org/10.1109/COMPSAC.2016.122
European Parliament (2016) Ethical aspects of cyber-physical systems: scientific foresight study (No. PE 563.501). European Parliament, Brussels. Retrieved from http://www.europarl.europa.eu/thinktank/en/document.html?reference=EPRS_STU(2016)563501
Kwon C, Liu W, Hwang I (2013) Security analysis for cyber-physical systems against stealthy deception attacks. In: 2013 American control conference, pp. 3344–3349. Washington, DC, USA. https://doi.org/10.1109/ACC.2013.6580348
Conti JP (2010) The day the samba stopped. Eng Technol 5(4):46–47
Richards G (2008) Hackers vs slackers. Eng Technol 3(19):40–43
North American Electric Reliability Council (2003) SQL Slammer worm: lessons learned for consideration by the electricity sector. North American Electric Reliability Council, Princeton, NJ
Farwell JP, Rohozinski R (2011) Stuxnet and the future of Cyber War. Survival 53(1):23–40. https://doi.org/10.1080/00396338.2011.555586
Slay J, Miller M (2007) Lessons learned from the Maroochy Water Breach. In: Goetz E, Shenoi S (eds) Critical infrastructure protection, vol 253. Springer, US, Boston, MA, pp 73–82
Pasqualetti F, Dörfler F, Bullo F (2013) Attack detection and identification in cyber-physical systems. IEEE Trans Autom Control 58(11):2715–2729
Masys AJ (ed) (2015) Disaster management: enabling resilience. Springer, New York, NY
Johnson C (2016) Why we cannot (yet) ensure the cyber-security of safety-critical systems. In: SCSC 24th annual symposium, Brighton, UK. Retrieved from http://scsc.org.uk/e378
Ali S, Qaisar SB, Saeed H, Khan MF, Naeem M, Anpalagan A (2015) Network challenges for cyber physical systems with tiny wireless devices: a case study on reliable pipeline condition monitoring. Sensors 15(4):7172–7205. https://doi.org/10.3390/s150407172
Baugh D (2015) Environmental scanning implications in the governance of complex systems. Int J Sys Sys Eng 6(1–2):127–143
Katina PF, Calida BY (2017) Complex system governance: implications and research directions [White paper]. Submitted to the Committee on a decadal survey of social and behavioral sciences for applications to National Security, The national academies of sciences, engineering, and medicine. Retrieved from Available: http://sites.nationalacademies.org/dbasse/bbcss/dbasse_178412
Keating CB, Ireland V (2016) Editorial: complex systems governance - issues and applications. Int J Sys Sys Eng, 7(1/2/3):1–21
Keating CB, Katina PF (2016) Complex system governance development: a first generation methodology. Int J Sys Sys Eng, 7(1/2/3): 43–74. https://doi.org/10.1504/IJSSE.2016.076127
Keating CB, Katina PF, Bradley JM (2014) Complex system governance: concept, challenges, and emerging research. Int J Sys Sys Eng 5(3):263–288
Keating CB, Katina PF, Bradley JM (2016) Complex system governance: failure mode effects and criticality analysis application. In: Yang H, Kong Z, Sarder M (eds) Presented at the Proceedings of the 2016 industrial and systems engineering research conference, ISERC, Anaheim, CA
Warfield JN (1976) Societal systems: planning, policy and complexity. Wiley, New York, NY
Hieronymi A (2013) Understanding systems science: a visual and integrative approach. Sys Res Behav Sci 30(5):580–595
Burrell G, Morgan G (1979) Sociological paradigms and organisational analysis. Ashgate Publishing, Burlington, VT
Katina PF, Keating CB, Jaradat RM (2014) System requirements engineering in complex situations. Requirements Eng 19(1):45–62
Katina PF (2016) Metasystem pathologies (M-Path) method: phases and procedures. J Manag Dev 35(10):1287–1301
Mobus GE, Kalton MC (2015) Principles of systems science. Springer, New York, NY
Wiener N (1948) Cybernetics: or control and communication in the animal and the machine. MIT Press, Cambridge, MA
Beer S (1979) The heart of the enterprise. Wiley, New York, NY
Beer S (1984) The viable system model: its provenance, development, methodology and pathology. J Oper Res Soc 35(1):7–25
Beer S (1985) Diagnosing the system for organizations. Oxford University Press, Oxford, UK
Espejo R, Harnden R (eds) (1989) The viable systems model: interpretations and applications of Stafford Beers’ VSM. Wiley, Chichester
Keating CB, Morin M (2001) An approach for systems analysis of patient care operations. J Nurs Adm 31(7–8):355–363
Keating CB, Bradley JM (2015) Complex system governance reference model. Int J Sys Sys Eng 6(1–2):33–52
Carter B (2015) A metasystem perspective and implications for governance. Int J Sys Sys Eng 6(1/2):90–100
Djavanshir GR, Khorramshahgol R, Novitzki J (2009) Critical characteristics of metasystems: toward defining metasystems’ governance mechanism. IT Prof 11(3):46–49. https://doi.org/10.1109/MITP.2009.45
Palmer KD (2000) Meta-systems engineering. In: Proceedings of the tenth annual international symposium of the international council on systems engineering. INCOSE, Las Vegas. Retrieved from http://www.archonic.net/MSE04.PDF
Mason RO, Mitroff II (1981) Challenging strategic planning assumptions: theory, cases, and techniques. Wiley, New York, NY
Schneider V, Kenis P (1996) Verteilte kontrolle: institutionelle steuerung in modernen gesellschaften. In: Kenis P, Schneider V (eds) Organisation und netzwerk: institutionelle steuerung in wirtschaft und politik (pp. 9–43). Frankfurt: Germany: Frankfurt/Main
Schneider V, Bauer JM (2007) Governance: prospects of complexity theory in revisiting systems theory. In: Annual meeting of the midwest political science association, pp 1–36, Chicago, IL. Retrieved from https://www.msu.edu/~bauerj/complexity/schneider.pdf
Katina PF, Bradley JM (2016) Towards a systems theory-based curriculum for complex systems governance. ASEE Conferences, New Orleans, LA. https://doi.org/10.18260/p.27069
Bradley JM, Katina PF, Keating CB (2016) Complex system governance for acquisition. In: Green J, Snider K (eds) Proceedings of the thirteenth annual acquisition research symposium, pp 196–214. NPS, Monterey, California
Keating CB, Bradley JM, Katina PF, Jaradat RM (2017) A systems theoretic-based framework to discover pathologies in Acquisition System Governance. In: Proceedings of the fourteenth annual acquisition research symposium, pp 352–376, Monterey, California: NPS
Pyne JC, Keating CB, Katina PF (2016) Enhancing utility manager’s capability for dealing with complex issues. Proc Water Environ Fed 2016(8):4207–4232
Davidz HL (2017) Systems engineering pathology: leveraging science to characterize dysfunction. In: Annual INOSE international workshop, INCOSE, Los Angeles. Retrieved from www.incose.org/IW2017
Katina PF (2016) Systems theory as a foundation for discovery of pathologies for complex system problem formulation. In: Masys AJ (ed) Applications of systems thinking and soft operations research in managing complexity. Springer, Geneva, Switzerland, pp 227–267
Keating CB, Katina PF (2012) Prevalence of pathologies in systems of systems. Int J Sys Sys Eng 3(3/4):243–267
Troncale L (2013) Systems processes and pathologies: creating an integrated framework for systems science. INCOSE Int Symposium 23(1):1330–1353. https://doi.org/10.1002/j.2334-5837.2013.tb03091.x
Fiol CM, Lyles MA (1985) Organizational learning. Acad Manag Rev 10(4):803–813. https://doi.org/10.2307/258048
Ansell C, Gash A (2008) Collaborative governance in theory and practice. J Public Adm Res Theor 18(4):543–571
Dunsire A (1990) Holistic governance. Public Policy Adm 5(1):4–19
Kooiman J (2003) Governing as governance. SAGE Publications Ltd, London, UK
Willke H (2007) Smart governance: governing the global knowledge society. Campus Verlag GmbH, Frankfurt, Germany
The World Bank (2017) World development report 2017: governance and the law (No. 112303). The World Bank, Washington, DC. Retrieved from http://elibrary.worldbank.org/doi/book/10.1596/978-1-4648-0950-7
Jessop B (2003) Governance and metagovernance: on reflexivity, requisite variety, and requisite irony. In: Bang HP (ed) Governance, as social and political communication. Manchester University Press, Manchester, England, pp 142–172
Rhodes RAW (2007) Understanding governance: ten years on. Organ Stud 28(8):1243–1264. https://doi.org/10.1177/0170840607076586
Brennan NM, Solomon J (2008) Corporate governance, accountability and mechanisms of accountability: an overview. Acc, Auditing Accountability J 21(7):885–906. https://doi.org/10.1108/09513570810907401
Lynn L, Heinrich C, Hill C (2000) Studying governance and public management: challenges and prospects. J Public Adm Res Theor 10(2):233–261
Bovaird T (2005) Public governance: balancing stakeholder power in a network society. Int Rev Admin Sci 71(2):217–228
Keohane R, Nye J (eds) (2000) Governance in a globalizing world. Brookings Institution, Washington, DC
Keohane R, Nye J (1989) Power and interdependence. Harper Collins, New York, NY
Krahmann E (2003) Conceptualizing security governance. Cooperation Conflict 38(1):5–26. https://doi.org/10.1177/0010836703038001001
Kooiman J (2000) Societal governance: levels, models and orders of social-political interaction. In: Pierre J (ed) Debating governance: authority, steering and democracy. Oxford University Press, Oxford, UK, pp 138–166
Biermann F, Betsill MM, Gupta J, Kanie N, Lebel L, Liverman D et al (2009) Earth system governance: people, places and the planet. Science and implementation plan of the earth system governance project (No. Earth System Governance Report 1, IHDP Report 20). The Earth System Governance Project, Bonn, IHDP
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Katina, P.F., Keating, C.B. (2018). Cyber-Physical Systems Governance: A Framework for (Meta)CyberSecurity Design. In: Masys, A. (eds) Security by Design. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-78021-4_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-78021-4_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-78020-7
Online ISBN: 978-3-319-78021-4
eBook Packages: Law and CriminologyLaw and Criminology (R0)