A. Mashkoor, J. Sametinger, M. Biro, A. Egyed: Security‐ and safety‐critical cyber‐physical systems, in Journal of Software: Evolution and Process, Wiley, December, 10, 2019. Doi: 10.1002/smr.2239


Cyber‐physical systems (CPSs) are physical embedded systems with enhanced operations for monitoring, coordination, control, and integration by a computing and communication core. Examples of CPSs include transportations systems, medical systems, and manufacturing systems. A CPS can be security‐critical, safety‐critical, or both. A CPS communicating with the outside world and thus opening an attack vector through the communication channel is considered to be a security‐critical CPS. On the other hand, a CPS is considered to be safety‐critical if it can harm its environment, eg, a malfunctioning autonomous vehicle might harm its passengers. A CPS dealing with both security and safety concerns is considered to be a security‐ and safety‐critical CPS.

Contemporary systems and software engineering methods often prove inadequate for the trustworthy and reliable design and engineering of CPSs. Traditional engineering deals with security and safety issues as separate problems. However, given the coordination and communication features of CPSs, such a “separation‐of‐concerns” approach is no longer adequate. We need integrated methods to deal with security and safety concerns within CPSs.