What are Cyber Physical Systems?

In Part 1 of this new Cyber Physical Systems series, I will discuss what CPS is, where it came from, a definition of CPS along with examples and some more beginner information.

What is a Cyber Physical System?

A cyber physical system in essence is the integration of computing and the physical domain, to improve the reliability and performance of a physical system.

For a simple example, the power grid system and water distribution systems are some of the most important examples of CPS in daily life and modern civilization.

In terms of the ethics behind these types of systems, I can't explain it any better than the following video does. The video is by the Science Technology Option Assessment (STOA) which is a panel of European parliament (who better to talk about ethics, right?):

The video above simply discusses a good understanding of what CPS is, where it is headed, and some of the most important aspects of it. A very summarized version of the video minus the legislative/regulation stuff:

• CPS are technical systems in which computers and robots interact with the physical world.

• Benefits of CPS include increasing efficiency and sustainability and creating new markets and growth.

• Through deployment, old jobs will be lost and new ones will be created (i.e. repairing robots, mediating between robots and humans).

• Some examples of CPS includes automated cars, mass customization of products, telecare alarm systems and CPS treatment tools, smart aids for disabled citizens & drones/military robots.

With this further definition, you can immediately start to see the risk if these devices/systems are hacked or lack any type of security.

Above I gave some simple examples of more industry related CPS. However, some simple CPS examples that could be in your home or daily life right now can include things like:

• Smart switch/plug

• Patient monitoring systems

• Smart heater/electricity monitoring tool

All of the above have two main components - cyber and physical part meaning you can control some physical aspects via cyber. For example, a smart plug allows you to connect it to your phone/Amazon Alexa and be able to turn it on/off from your cyber device.

The Birth of CPS

Before delving deeper, the following Venn diagram illustrates the CPS domain well:

The physical systems include things like boilers, generators, valves, power distribution systems, relays, etc... and the cyber systems include things like computers that control the sensors that get the data, networking devices, embedded devices, etc...

When you join them together, you get a cyber physical system - a combination of some valves that are controlled over the network or via a computer as an example.

Everything started with electronics getting better, cheaper, and more accessible which resulted in the formation of computer networks, industrial controllers, mobile networks, and the internet. This advancement and desire for more information and control of physical systems have increased the number of cyber physical systems over the years.

The following diagram displays the evolution of the digital economy:

In the 1980s, there was limited computer hardware (i.e. only for scientists), but as the years developed it became more and more mainstream. In turn, it changed the economy as a whole.

For example, production lines became more automated with the utilization of robotics and the food industry became more automated with the rise of smartphones and home delivery applications.

The digitalization of the economy and processes started to form from the 1980s and many processes and services that were less physical just began to shift towards becoming digital and less physical due to multiple reasons including:

• Entertainment (netflix, streaming platforms)

• Finance (online banking)

• Music

• Communication (remote working)

• Publishing

• Consultancy

• Banking

• Administration

By the 21st century, the physical systems began to become digital. The physical systems became more integrated with computer networks (i.e. the internet). Concepts and technologies such as IoT, CPS, embedded systems, cloud manufacturing and industry 4.0, smart factories, etc... boosted the move towards CPS as we know it.

There are some differences between the traditional and digital economy. A really good breakdown of which can be found here.

Definition of CPS

A definition of CPS can be defined as:

“An integration of computation and physical processes”

In essence, embedded computers and networks monitor and control physical processes. These physical processes affect the results of the computation and vice-versa. It is the intersection of the physical and cyber world and we must understand their interaction as a whole.

A famous mathematician (Norbert Wiener) defined cybernetics (before CPS) as

“the science of control and communications in the animal and the machine”

Cybernetics is a wide-ranging field concerned with regulatory and purposive systems. Cybernetic systems are various kinds of automatic control devices in engineering. For example, an automatic pilot or a controller that maintains a constant temperature in a room, electronic computers, human brain, ..... (read more here).

This is the first definition of cybernetics which lead in to the definition of Cyber Physical Systems.

The term CPS was emerged by Dr Helen Gill at the National Science Foundation and is believed to stem from the cybernetics. In short, cybernetics can be viewed as the older and deeper root of CPS.

There are many different yet similiar definitions of CPS (as there always is in security/computing):

• NIST describes CPS as "interacting digital, analogue, physical, and human components engineered for function through integrated physics and logic"

• Edward A Lee describes it as "integration of computation with physical processes"

• Finally, Peter Marwedel defines it as "embedded systems, together with their physical environment" - i.e. no separation between them.

Although CPS are relatively a new definition and concept (est. 2006), their components are well defined and clear.

A CPS has a physical part which consists of sensors and actuators, and a cyber part that consists of computers that control the physical part through a communication system (computer network).

One of the biggest differences between CPS and cyber systems is that the (actuator) operations in CPS are often non-reversible. Rollback is usually available in cyber systems however, consequences of physical operations performed by the actuators are usually not reversible (either difficult or impossible).

As an example, for a cyber system, when you download the patch/update and it messes something up (we’ve all been there), you can use a snapshot or undo the update.

This is usually not possible in a physical system - i.e. you turn on your heating/thermostat which increases your room temperature and you cannot quickly undo that (the energy has been used, the temperature has increased, etc..). A basic example, but effective nonetheless.

Many research areas are closely related to CPS:

• IoT

• Cloud

• Big Data

• WSN (Wireless Sensor Networks)

• M2M (Machine to Machine)

CPS could retrieve a ton of data (big data) which could be stored in the cloud. CPS could also be communicating between two different machines (M2M). It also has a huge overlap with IoT and quite a lot of IoT devices could be considered as CPS.

It all comes together!

Cyber vs Physical Domain

Just a very quick section about the impact on both of these domains. We know that CPS is a combination of both of these domains and in terms of security, it could have a devastating impact. But what about an example of an incident on separate domains?

An example of the impact in the cyber domain most recently was the Meta/Facebook/Whatsapp outage on Oct 4th 2021 - it didn’t have a massive impact on our everyday lives. Maybe we couldn’t message people or check our social network timeline to catch up on the updates of our friends, but in the long run, it didn’t have a devastating impact on us.

An example of the impact in the physical domain was the Colonial Pipeline attack that essentially crippled parts of the US - the public was panicking, gas stations were running out of supplies, people were stocking up like the apocalypse was coming and it created a sort of mini panic event across the country. Whilst it was resolved rather quickly, the impact it caused was a taste of what could come in the near future.

CPS Map

To round off Part 1, there is a really good map that discusses more areas of CPS and is provided by NIST. I highly recommend taking a look, clicking around and researching if this topic interests you as this will be a huge thing in the coming years not just regarding technology in general, but in cybersecurity as well.