Security-Oriented Fault-Tolerance in Systems Engineering: A Conceptual Threat Modelling Approach for Cyber-Physical Production Systems

Faults in the realization and usage of cyber-physical systems can cause significant security issues. Attackers might exploit vulnerabilities in the physical configurations, control systems, or accessibility through internet connections. For CPS, two challenges are combined: Firstly, discipline-specific security measures should be applied. Secondly, new measures have to be created to cover interdisciplinary impacts. For instance, faulty software configurations in cyber-physical production systems (CPPS) might allow attackers to manipulate the correct control of production processes impacting the quality of end products. From liability and publicity perspective, a worst-case scenario is that such a corrupted product is delivered to a customer. In this context, security-oriented fault-tolerance in Systems Engineering (SE) requires measures to evaluate interdisciplinary system designs with regard to potential scenarios of attacks. The paper at hand contributes a conceptual threat modelling approach to cover potential attack scenarios. The approach can be used to derive both system-level and discipline-specific security solutions. As an application case, issues are focused on which attackers intend to exploit vulnerabilities in a CPPS. The goal is to support systems engineers in verification and validation tasks regarding security-oriented fault-tolerance.