[SOUND]. Hi, welcome back to the video lectures on web connectivity and security in cyber-physical systems. This lesson starts the second part of the course. This part includes two modules, and it's dedicated to system security issues and their solutions. We will learn about different security technologies and methods and learn how to utilize these in securing and protecting cyber physical systems against cyber attacks. In this video lecture, we will look into basic security requirements of cyber physical systems. Several physical systems facilitate a wide range of solutions and services that help people in their daily lives. However, providing these solutions and services in a reliable safe and secure manner is not at all trivial. On the contrary, there are many challenging issues that need to be appropriately addressed. For example, dealing with sensitive or safety-critical data, if this data is not properly protected, can lead to significant financial losses, loss of privacy or reputation, mental suffering or physical damage. It could even endanger lives. So, among issues and challenges involved in design and deployment of cyber physical systems, security has a very important role. Cyber physical systems have their own specific security issues. This is because of their special characteristics. First of all, as they are involving physical processes, they are tightly coupled with their physical environments. So any changes in their environments, especially on expected changes that haven't been considered at design time will affect them, and potentially make them more vulnerable to security breaches. This is true the other way around as well. Security breaches in cyber-physical systems can have serious influence on their environments. Second, cyber-physical systems can be composed of a very large number of different devices with different computing platforms and capabilities. In general, most devices in cyber physical systems are resource constrained, meaning that they don't have much processing, storage, or power capacity to execute complex operations. This poses challenges for applying efficient security counter-measures that may require a relatively high amount of resources. Third, cyber-physical systems can be massively networked systems. They can use various communication technologies between devices ranging from simple wired connections to different wireless technologies with different ranges and characteristics. So they can be highly complex and heterogeneous systems making it harder to find optimal solutions to ensure secure transmission of data everywhere in the system. Finally, cyber physical systems are typically highly autonomous with embedded intelligence controlling many operations. This reduces the need for manual control and supervision. Which on one hand is an advantage, because the risk for human error is reduced. On the other hand, the user must be able to rely on the autonomous system to be protected against malicious attacks that aim to secretly alter the behavior of the system, or to steal sensitive information. In general, we can classify the security requirements of cyber physical systems into several categories. In a system, which interacts with a physical environment, validity and accuracy of sensed data is very important. So, proper protection of sensors and their data is of high importance in such a system. Data collected from multiple sensors needs to be store temporarily. Malicious unauthorized modification of this stored data results in errors and is further processing and can have serious consequences. For this reason, the data while in storage needs to be protected against any unauthorized access and modification. In some large cyber physical systems, the data may be collected from a very large group of sensors over some time period resulting in a very large set of data or beak data. The more data you have the more complex and difficult it is to properly secure this data. Many cyber physical systems are networked and distributed. Sensitive data is transmitted through heterogeneous communication channels. Communication security is needed within a system and between systems. We will discuss different communication security protocols in other video lectures. In a system which carries out autonomous operations through its actuators, it is of key importance to make sure that all actuations are authorized and according to the latest policies of the system. Feedback loops play an important role in cyber physical system control. A system's embedded intelligence and ability to learn are largely based on feedback of its actuations. Therefore the feedback data needs to be appropriately protected against tampering attempts. Finally, the system may have some application specific security requirements, depending on the nature of the applications running in the system. Cyber physical systems have both physical and cyber aspects that need to be taken into account when designing security counter measures. In developing security solutions for cyber physical systems, we need to keep in mind that attacks can also be indirect meaning that they can aim to affect the physical environment in such a way that data coming from sensors is corrupted and misleading resulting in unexpected behavior or even system failure. The system needs to be designed to detect abnormal physical conditions, and act in a safe way in these situations. Also, the system should always be protected against physical tampering whenever possible. Security counter measures must be considered in the design phase of a cyber physical system. Security by design means designing the system as free of vulnerabilities and resistant against attacks as possible. This can be achieved by continuous testing and careful design of rigorous authentication solutions and hardware and software components of the system. In this lesson, we discussed different security requirements of cyber-physical systems. In the next video lecture, we will learn more about the key security concepts in cyber-physical systems. [SOUND]
