A Systems-Theoretic, Model-Based Methodology for Identifying and Evaluating Resiliency Strategies for Cyber-Physical Systems

Despite their name, cyber-physical systems (CPS) possess unique characteristics that limit the applicability and suitability of traditional cybersecurity techniques and strategies. While software systems can be secured using defensive measures, the physical and component interactions inherent to CPS require them not only be defended against, but to also be resilient to cyber vulnerabilities. Given the complex nature of CPS, the identification and evaluation of appropriate resiliency strategies must be handled in a targeted and systematic manner. Specifically, what resiliency strategies are appropriate for a given system, where, and which should be implemented given time and/or budget constraints? This thesis presents a systems-theoretic, model-based methodology for identifying and prioritizing appropriate resiliency strategies for implementation in a given CPS and mission. This methodology is demonstrated using a case study based on a hypothetical US Army weapon system. A comparison of the results to the Cyber Security Requirements Methodology (CSRM) suggest that the technique presented in this thesis can augment and enhance existing techniques with model-based evidence.