Security Evaluation of Cyber-Physical Systems in Society-Critical Internet of Things

Viacheslav Izosimov, Martin Törngren
Machine Design, The Royal Institute of Technology, Stockholm, Sweden
viacheslav.v.izosimov@ieee.org, martint@kth.se

Abstract— In this paper, we present an evaluation of the security awareness of developers and users of cyber-physical systems. Our study includes interviews, workshops, surveys and one practical evaluation. We conducted 15 interviews and a survey with 55 respondents coming primarily from industry. Furthermore, we performed a practical evaluation of the current state of practice for a society-critical application, a commercial vehicle, and reconfirmed our findings by discussing an attack vector for an off-line society-critical facility. More work is necessary to increase the usage of security strategies, available methods, processes and standards. Security information, currently often insufficient, should be provided in the user manuals of products and services to protect system users. We confirmed this recently when we conducted an additional survey of users, in which users felt left out in their quest for their own security and privacy. Finally, hardware-related security questions are beginning to come up on the agenda, with a general increase of interest in and awareness of the hardware contribution to overall cyber-physical security. At the end of this paper we discuss possible countermeasures for dealing with threats in infrastructures, highlighting the role of authorities in this quest.

Keywords— security awareness; cyber-physical systems; attack vectors; commercial vehicles; hardware security

I. INTRODUCTION

Researchers often place weight on the technical part of security solutions, with less attention to the “human ingredients”, system developers and users. The security knowledge and awareness of the engineers who implement or install a system can be as critical as the choice of a crypto algorithm and a proper key management infrastructure.
The system will not be more secure than the security knowledge of its creators. The security awareness of system users and operators is critical to ensure that the system is not compromised. Irrespective of its technical quality, any solution becomes effectively insecure if the user leaks passwords or blindly accepts the installation of malicious software.

In this paper, our focus will be on smart cyber-physical systems in the Internet of Things (IoT) that provide services critical for society. Examples of these smart systems include connected passenger cars, intelligent transportation systems, smart household appliances and the like. We consider them together with their drivers, operators, installation engineers and other persons directly and indirectly involved in their creation and operation. These systems “live” in the Internet, providing and requesting services. The IoTs are nowadays part of infrastructures in healthcare, energy, transportation and many others. The level of interaction in these infrastructures has increased substantially with advances in development and enhancement of clouding. This raises concerns about robustness and trustworthiness. A fault in, or a malicious attack on, one of the system’s components, even the least critical one that looks very innocent at first glance, may affect other, critical ones.

We will also look into examples of “not yet smart” systems and will advocate that they must be designed with the same level of security requirements as those connected to the Internet. Otherwise, these “not yet smart” systems pose potentially serious threats to society when they unintentionally find their way into the connected world, often in unexpected situations. In a modern society, it is nearly impossible to avoid these connections, due to the actions of users, due to system complexity and sometimes due to the security negligence of system developers.
Both developers and users play a key role in the security of an embedded product, as discussed in the Roundtable on Cyber-Physical Security [1]. With respect to applicable research methods, Tariq, Brynielsson and Artman studied the problem of users’ security awareness in [2], where they conducted a number of semi-structured interviews in a large telecommunication organization. In our case, we use a similar approach to evaluate the security awareness of developers, engineers and academics, by conducting a number of interviews and surveys. For the users, we browse public reports, media and non-scientific journals and study product manuals and installation guidelines, to cover the sources of information available to the general public. We further study user awareness in a user-centric survey.

To evaluate the state of practice in the security of existing systems, we also study two practical attacks that are possible, in particular, due to the security unawareness of system developers and users. The attacks involve a connected smart product, a modern commercial vehicle, and an off-line critical facility.

The contributions of this paper are as follows:

• We advocate that security awareness of users and developers of modern embedded systems is essential.
• We evaluate two practical attacks, (i) an app attack on a Bluetooth interface of a modern car and (ii) an attack on an off-line critical facility.
• We highlight the importance of hardware security as an essential component of the overall cyber-physical security.
• We suggest a number of countermeasures and discuss the roles of authorities in facilitating security awareness of both users and developers of modern embedded systems.

II. BACKGROUND AND RELATED LITERATURE

The evolution of the Internet of Things (IoTs) poses substantial security challenges, both technically and with respect to users and developers.
For example, Elkhodr, Shahrestani and Cheung [3] pointed to a number of possible attacks in IoTs, considering such specific IoT aspects as object naming, interoperability and identity management. In [4], Roman, Najera and Lopez highlighted challenges for dealing with security in IoTs, in particular those related to the scalability of solutions and the dramatically increased amount of interactions. In some special cases of IoTs, for example in smart power grids, security was considered at a physical connectivity level [5] and at a system level [6, 7]. In [6], Yilin Mo et al. presented an interesting attack model for smart power grid systems. In [7], a particular case of a coordinated data-injection attack on a power grid was discussed. The authors suggested a detection mechanism for this attack and pointed out that attack detection can be computationally sophisticated for a large grid. This is, in fact, one of the greatest challenges in any IoT infrastructure. It is one of the reasons why developers and users become critical. IoT