{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T23:17:34Z","timestamp":1778887054597,"version":"3.51.4"},"reference-count":33,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2019,4,4]],"date-time":"2019-04-04T00:00:00Z","timestamp":1554336000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Systems"],"abstract":"<jats:p>Despite \u201ccyber\u201d being in the name, cyber\u2013physical systems possess unique characteristics that limit the applicability and suitability of traditional cybersecurity techniques and strategies. Furthermore, vulnerabilities to cyber\u2013physical systems can have significant safety implications. The physical and cyber interactions inherent in these systems require that cyber vulnerabilities not only be defended against or prevented, but that the system also be resilient in the face of successful attacks. Given the complex nature of cyber\u2013physical systems, the identification and evaluation of appropriate defense and resiliency strategies must be handled in a targeted and systematic manner. Specifically, what resiliency strategies are appropriate for a given system, where, and which should be implemented given time and\/or budget constraints? This paper presents two methodologies: (1) the cyber security requirements methodology and (2) a systems-theoretic, model-based methodology for identifying and prioritizing appropriate resiliency strategies for implementation in a given system and mission. This methodology is demonstrated using a case study based on a hypothetical weapon system. 
An assessment and comparison of the results from the two methodologies suggest that the techniques presented in this paper can augment and enhance existing systems engineering approaches with model-based evidence.<\/jats:p>","DOI":"10.3390\/systems7020021","type":"journal-article","created":{"date-parts":[[2019,4,4]],"date-time":"2019-04-04T11:31:57Z","timestamp":1554377517000},"page":"21","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":30,"title":["A Preliminary Design-Phase Security Methodology for Cyber\u2013Physical Systems"],"prefix":"10.3390","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4083-8142","authenticated-orcid":false,"given":"Bryan","family":"Carter","sequence":"first","affiliation":[{"name":"Systems Engineering, University of Virginia, Charlottesville, VA 22904, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1207-4504","authenticated-orcid":false,"given":"Stephen","family":"Adams","sequence":"additional","affiliation":[{"name":"Systems Engineering, University of Virginia, Charlottesville, VA 22904, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4992-0193","authenticated-orcid":false,"given":"Georgios","family":"Bakirtzis","sequence":"additional","affiliation":[{"name":"Computer Science and Electrical &amp; Computer Engineering, University of Virginia, Charlottesville, VA 22904, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9545-2274","authenticated-orcid":false,"given":"Tim","family":"Sherburne","sequence":"additional","affiliation":[{"name":"Systems Engineering, University of Virginia, Charlottesville, VA 22904, 
USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2196-6982","authenticated-orcid":false,"given":"Peter","family":"Beling","sequence":"additional","affiliation":[{"name":"Systems Engineering, University of Virginia, Charlottesville, VA 22904, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Barry","family":"Horowitz","sequence":"additional","affiliation":[{"name":"Systems Engineering, University of Virginia, Charlottesville, VA 22904, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6335-471X","authenticated-orcid":false,"given":"Cody","family":"Fleming","sequence":"additional","affiliation":[{"name":"Systems Engineering, University of Virginia, Charlottesville, VA 22904, USA"},{"name":"Mechanical and Aerospace Engineering, University of Virginia, Charlottesville, VA 22904, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2019,4,4]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Yampolskiy, M., Horvath, P., Koutsoukos, X.D., Xue, Y., and Sztipanovits, J. (2013, January 9\u201311). Taxonomy for description of cross-domain attacks on CPS. Proceedings of the 2nd ACM International Conference on High Confidence Networked Systems, Philadelphia, PA, USA.","DOI":"10.1145\/2461446.2461465"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1016\/j.ijcip.2014.09.003","article-title":"A language for describing attacks on cyber\u2013physical systems","volume":"8","author":"Yampolskiy","year":"2015","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_3","unstructured":"Krebs, B. (2019, April 03). Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop. Available online: https:\/\/krebsonsecurity.com\/2017\/09\/equifax-hackers-stole-200k-credit-card-accounts-in-one-fell-swoop\/."},{"key":"ref_4","unstructured":"(2018). 
Alert (ICS-ALERT-14-176-02A) ICS Focused Malware (Update A), Cybersecurity and Infrastructure Security Agency (CISA)."},{"key":"ref_5","unstructured":"(2014). Advisory (ICSA-10-201-01C) USB Malware Targeting Siemens Control Software (Update C), Cybersecurity and Infrastructure Security Agency (CISA)."},{"key":"ref_6","unstructured":"Frola, F., and Miller, C. (1984). System Safety in Aircraft Management, Logistics Management Institute."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Saravi, M., Newnes, L., Mileham, A.R., and Goh, Y.M. (2008). Estimating cost at the conceptual design stage to optimize design in terms of performance and cost. Collaborative Product and Service Life Cycle Management for a Sustainable World, Springer.","DOI":"10.1007\/978-1-84800-972-1_11"},{"key":"ref_8","unstructured":"Strafaci, A. (CE News, Transportation, 2014). What Does BIM Mean for Civil Engineers, CE News, Transportation."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"237","DOI":"10.1016\/S0925-7535(03)00047-X","article-title":"A new accident model for engineering safer systems","volume":"42","author":"Leveson","year":"2004","journal-title":"Saf. Sci."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Leveson, N. (2011). Engineering a Safer World: Systems Thinking Applied to Safety, MIT Press.","DOI":"10.7551\/mitpress\/8179.001.0001"},{"key":"ref_11","first-page":"92","article-title":"ISO\/IEC 27000, 27001 and 27002 for information security management","volume":"4","author":"Disterer","year":"2013","journal-title":"J. Inf. Secur."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1007\/s00766-004-0194-4","article-title":"Eliciting security requirements with misuse cases","volume":"10","author":"Sindre","year":"2005","journal-title":"Requir. Eng."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Haley, C.B., Moffett, J.D., Laney, R., and Nuseibeh, B. (2016, January 20\u201321). 
A framework for security requirements engineering. Proceedings of the 2006 International Workshop on Software Engineering for Secure Systems, Shanghai, China.","DOI":"10.1145\/1137627.1137634"},{"key":"ref_14","unstructured":"Kotonya, G., and Sommerville, I. (1998). Requirements Engineering: Processes and Techniques, Wiley."},{"key":"ref_15","unstructured":"Haley, C.B., Moffett, J.D., Laney, R., and Nuseibeh, B. (2005, January 29). Arguing security: Validating security requirements using structured argumentation. In Proceeding of the 3rd Symposium on Requirements Engineering for Information Security (SREIS\u201905), Paris, France."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"58","DOI":"10.1109\/MSP.2010.117","article-title":"Verification, validation, and evaluation in information security risk management","volume":"9","author":"Fenz","year":"2011","journal-title":"IEEE Secur. Priv."},{"key":"ref_17","unstructured":"Shostack, A. (2014). Threat Modeling: Designing for Security, John Wiley and Sons."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Young, W., and Leveson, N.G. (2013, January 9\u201313). Systems thinking for safety and security. Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC 2013), New Orleans, LA, USA.","DOI":"10.1145\/2523649.2530277"},{"key":"ref_19","unstructured":"Beach, P.M., Mills, R.F., Burfeind, B.C., Langhals, B.T., and Mailloux, L.O. (August, January 30). A STAMP-based approach to developing quantifiable measures of resilience. Proceedings of the 16th International Conference on Embedded Systems, Cyber\u2013Physical Systems, and Applications (ESCS 2018), Las Vegas, NV, USA."},{"key":"ref_20","first-page":"183","article-title":"STPA-SafeSec: Safety and security analysis for cyber\u2013physical systems","volume":"34","author":"Friedberg","year":"2017","journal-title":"J. Inf. Secur. 
Appl."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Goldman, H., McQuaid, R., and Picciotto, J. (2011, January 15\u201317). Cyber resilience for mission assurance. Proceedings of the 2011 IEEE International Conference on Technologies for Homeland Security (HST 2011), Waltham, MA, USA.","DOI":"10.1109\/THS.2011.6107877"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Jones, R.A., and Horowitz, B. (2011, January 11\u201313). System-aware cyber security. Proceedings of the 2011 Eighth International Conference on Information Technology: New Generations (ITNG 2011), Las Vegas, NV, USA.","DOI":"10.1109\/ITNG.2011.158"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"225","DOI":"10.1002\/sys.21206","article-title":"A system-aware cyber security architecture","volume":"15","author":"Jones","year":"2012","journal-title":"Syst. Eng."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Adams, S., Carter, B., Fleming, C., and Beling, P.A. (2018, January 1\u20133). Selecting System Specific Cybersecurity Attack Patterns Using Topic Modeling. Proceedings of the 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\/12th IEEE International Conference on Big Data Science and Engineering (TrustCom\/BigDataSE), New York, NY, USA.","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00076"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Bakirtzis, G., Carter, B.T., Elks, C.R., and Fleming, C.H. (2018, January 23\u201326). A model-based approach to security analysis for cyber\u2013physical systems. Proceedings of the 2018 Annual IEEE International Systems Conference (SysCon 2018), Vancouver, BC, Canada.","DOI":"10.1109\/SYSCON.2018.8369518"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Bakirtzis, G., Simon, B.J., Fleming, C.H., and Elks, C.R. (2018). Looking for a Black Cat in a Dark Room: Security Visualization for Cyber\u2013Physical System Design and Analysis. 
arXiv.","DOI":"10.1109\/VIZSEC.2018.8709187"},{"key":"ref_27","unstructured":"Horowitz, B., Beling, P., Fleming, C., Adams, S., Carter, B., Sherburne, T., Elks, C., Bakirtzis, G., Shull, F., and Mead, N.R. (2018). Cyber Security Requirements Methodology, Stevens Institute of Technology. Technical Report SERC-2018-TR-110."},{"key":"ref_28","unstructured":"Bakirtzis, G., Carter, B.T., Fleming, C.H., and Elks, C.R. (2017). MISSION AWARE: Evidence-Based, Mission-Centric Cybersecurity Analysis. arXiv."},{"key":"ref_29","unstructured":"Carter, B.T. (2018). Model-Based Methodology for Identifying and Evaluating Resiliency Strategies for Cyber-Physical Systems. [Master\u2019s Thesis, University of Virginia]."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Vanderperren, Y., and Dehaene, W. (2006, January 6\u201310). From UML\/SysML to Matlab\/Simulink: current state and future perspectives. Proceedings of the Conference on Design, Automation and Test in Europe. European Design and Automation Association, Munich, Germany.","DOI":"10.1109\/DATE.2006.244002"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Kawahara, R., Dotan, D., Sakairi, T., Ono, K., Nakamura, H., Kirshin, A., Hirose, S., and Ishikawa, H. (2009, January 2\u20135). Verification of embedded system\u2019s specification using collaborative simulation of SysML and simulink models. Proceedings of the 2009 International Conference on Model-Based Systems Engineering, Haifa, Israel.","DOI":"10.1109\/MBSE.2009.5031716"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Feiler, P.H., Gluch, D.P., and Hudak, J.J. (2006). The Architecture Analysis and Design Language (AADL): An Introduction, Software Engineering Institute, Carnegie-Mellon University. Technical Report CMU\/SEI-2006-TN-011.","DOI":"10.21236\/ADA455842"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Behrmann, G., David, A., and Larsen, K.G. (2004). A tutorial on Uppaal. 
Formal Methods for the Design of Real-Time Systems, Springer.","DOI":"10.1007\/978-3-540-30080-9_7"}],"container-title":["Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2079-8954\/7\/2\/21\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T12:43:04Z","timestamp":1760186584000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2079-8954\/7\/2\/21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,4,4]]},"references-count":33,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2019,6]]}},"alternative-id":["systems7020021"],"URL":"https:\/\/doi.org\/10.3390\/systems7020021","relation":{},"ISSN":["2079-8954"],"issn-type":[{"value":"2079-8954","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,4,4]]}}}