Examination arrangement

Course content

Topics covered in the course are: Characteristics of CPS; Security and Privacy Concerns; Risk assessment for CPSs; Attacks Against CPSs; High-Profile, Real-World Attacks Against CPSs; Preventing Attacks; Detecting Attacks; Mitigating Attacks; Combined safety and security analysis of cyber-physical systems; Policy and Political Aspects of CPS Security; Industry Practices and Standards; the IEC 62443 standard; Security for specific CPS classes: Industrial Control Systems, Electric Power Grids, Transportation Systems and Autonomous Vehicles, Robotics and Advanced Manufacturing, Medical Devices, The Internet of Things.

Learning outcome

Having successfully completed the course, the students should have gained:

Knowledge

• Advanced knowledge of core concepts of cyber physical systems
• Advanced knowledge of the concepts of risk and risk assessment and how these apply to cybersecurity of cyber physical systems
• Advanced knowledge of technical, management, and policy issues in cyber physical systems security and safety
• Advanced knowledge of security and privacy issues in several application domains that incorporate cyber physical systems

Skills

• Ability to assess and use attack modelling approaches to analyze attacks against cyber physical systems
• Ability to critically analyze existing theories and methods for the study of cyber physical systems security and to independently apply such methods to related problems
• Ability to jointly analyze the security and safety of cyber physical systems, based on risk assessment and the use of barriers/countermeasures
• Ability to carry out independent research in selected areas of cyber physical systems security
• Ability to identify and critically analyze primary research literature on cyber physical systems security and to apply appropriate scientific reasoning

General competence

• Ability to apply knowledge of concepts and methods of analyzing the security of cyber physical systems to new fields
• Ability to present, assess and discuss the research results of others.
• Ability to discuss academic and professional topics in the field of modelling and securing cyber physical systems in selected domains both with a specialist and general audience
• Critical understanding of professional and ethical, including research ethics, issues in the field of cyber physical systems security

Learning methods and activities

Colloquia/interactive lectures, where it is expected that the students have familiarized themselves with the topic beforehand. Optional assignments.

Further on evaluation

The assessment is based on a final report. The grading rule is pass/fail. The minimum passing grade is 70/100 points (70%).

The re-sit exam, if there is one, will be a report.

Specific conditions

Recommended previous knowledge

Basic knowledge of concepts of cyber physical systems. Basic knowledge of concepts of industrial control systems and industrial control network protocols. Basic knowledge of risk assessment concepts and methods and of attack modelling methods. Some familiarity with industry standards relevant to the security of cyber physical systems and of industrial control systems, like e.g. IEC 62443. These topics are covered by e.g. the course IMT4203 Critical Infrastructure Security and IMT4125 Network Security.

Course materials

• Journal and conference papers, etc. Announced at the beginning of the term.
• K. Stouffer, V. Pilliteri, S. Lightman, M. Abrams, A. Hahn: NIST SP800-82Rev2: Guide to Industrial Control Systems Security. U.S. National Institute of Standards and Technology (2015)
• Saqib Ali, Taiseera Al Balushi, Zia Nadir, Omar Khadeer Hussain: Cyber Security for Cyber Physical Systems. Springer International Publishing (2018)
• Rausand, M. and Haugen, S. Risk Assessment: Theory, Methods, and Applications. Available at Wiley online https://onlinelibrary.wiley.com/doi/book/10.1002/9781119377351: Chapters 1, 2, 3.1-3.2 and 14.1-14.7, 17.