Guidelines for Establishing and Maintaining Cyber-Physical-Systems' Cyber-Resilience
JA6678
a. assess and address vulnerabilities and weaknesses of software for a cyber physical system utilizing systems engineering principles to ensure security and resilience throughout the lifecycle of the system,
b. conduct software assurance and analysis, considering impact on the product’s software, hardware, and firmware,
c. address different areas of concern that include consideration of the system's interfaces and network, and of command and control that could be manipulated through a physical process and/or physical input to the data flow and computation,
d. perform design validation and verification to assess the security and resiliency of software affecting cyber physical system safety, security, and integrity across the complete lifecycle.
Rationale: This standard was created in response to a significant and increasing volume of software exploits against cyber physical systems, arising from a broad range of attack vectors that exploit vulnerabilities and weaknesses in the integration of the complex hardware, software, and firmware supporting the cyber physical system. Attack vectors are introduced through vulnerabilities and weaknesses in electronic parts and software that could be used to compromise cyber physical system function or to gain access to critical and sensitive system information. Attack vectors can also be introduced through hostile code at the time of software or firmware updates. Cyber physical systems are susceptible to compromising attacks through counterfeit or tampered electronic parts with embedded malware or hardware Trojans, or through legitimate components with vulnerabilities and weaknesses inherent in their design.