Communications of the ACM

(black-box behavior), robustness, predictability (such as when data is outside a training set), and how to cost-effi-ciently verify, validate, and assure such systems. 29, 30 In addition, CPS systems must function in increasingly complex environments, as in automated driving. Describing such varying environments and systematically dealing with uncertainty represent further key challenges that have been addressed in such European research projects as Pegasus31 and the U.K. EPSRC-funded S4: Science for Sensor Systems in 2016.32

Safety and security engineering concerns the connectivity and spread of CPS and provides new attack surfaces that could exploit vulnerabilities in the cyber and/or physical side, as well as among human stakeholders. This implies existing security approaches are not suitable. Moreover, security may affect safety, thus calling for integrated and balanced security and safety trade-offs and development of new methodologies. The widespread use of CPS systems and their increasing automation imply that existing safety-engineering approaches are not sufficient, and, in particular, that future CPS will need to deal with risk explicitly, incorporating measures of dynamic risk, as compared, again, with automated driving. An example of security research in Europe comes from the £23M PETRAS Research Hub in the U.K., which involves 60 projects researching the various aspects of Io T/ CPS security, from devices to social practice, and have produced a landmark report, The Internet of Things: Realising the Potential of a Trusted Smart World, 33 co-produced with the Royal Academy of Engineering.

It is infeasible to predict all possi-
ble faults, threats, and failure modes
for future CPS. Systems will have to
be resilient, with built-in build moni-
tors and error handlers to ensure cost-
efficient dependability. Examples of
European efforts include the MBAT
project that gave European industry a
leading-edge affordable and effective
validation-and-verification technol-
ogy in the form of a Reference Tech-
nology Platform (the MBAT RTP) and
the AQUAS project, which is devel-
oping solutions for safety/security/
performance co-engineering, as in
Sillitto. 34 Europe has a strong tradi-
DW1000 chip, overcoming many of
bulkiness and power-consumption is-
sues and storming the field of real-time
location-tracking systems. Indeed, the
potential here is enormous, especially
if UWB chips eventually find their way
into smartphones where UWB could
trigger a new wave of location-based
IoT/CPS services with an impact com-
parable to (if not greater than) that
achieved by GPS.

Trust, Safety, Security,
Privacy (Guarantees)

CPS and IoT provide unprecedented capabilities and opportunities for the benefit of society. But it will be achieved through corresponding unprecedented technological complexity that also introduces new risks that need to be recognized, debated, and dealt with appropriately. This is essential since future CPS and Io T will be widespread and underpin a large number of critical societal infrastructures, including water, energy, transportation, and healthcare, all relying on the proper operation of the technologies.

A key concern is that current engi-
neering methodologies are generally
viewed as inadequate for next-genera-
tion CPS. Consequently, multiple calls
have been issued from the EU for new
methodologies, including Platform-
4CPs, 25 AENEAS, 26 and the Acatech
National Academy of Science and En-
gineering. 27 The full potential of future
CPS can be obtained only when new en-
gineering methodologies are in place
to ensure future CPS systems are suf-
ficiently safe, secure, available, privacy-
preserving, and overall trustworthy. A
science for CPS engineering is needed.
Europe is positioned well in this regard
to address the key challenges of com-
plexity management, safety, and secu-
rity by design and privacy.
Complexity management of IoT/
CPS systems is important because they
inherit the complexity of their cyber
and physical parts. There is a lack of
approaches to systematically accom-
plish “composability” of CPS compo-
nents, meaning achieving integration
of CPS components is difficult with-
out negative, sometimes unknown,
side effects, or emerging behaviors. 28
Composability for CPS must address
the multifaceted dependencies in CPS
across components, functions, and
system-level properties. An example
of a European stronghold is the effort
driven by Kopetz on composable time-
triggered architectures, with research
funded through several EU projects
that have influenced many commu-
nication protocols for CPS, delivered
reusable architectural services for
exploitation across platforms of dif-
ferent domains (INDEXYS project in
2008), and paved the way for success-
ful companies like TTTech. 20
The use of machine learning, par-
ticularly deep learning, provides a nov-
el technology within CPS. While such
technologies enable entirely new types
of applications, they raise concerns
about how to deal with transparency
Microcontroller. Computer on a single chip, with one or more processor cores, memory,
and input/output peripherals.

Sensor nodes/mode. Generic way to describe sensor-based devices, typically consisting of several sensors and radio communications module(s) governed by a microcontroller. Different from phones and traditional computers, they are a few centimeters in size without keyboard or screen. An example is the University of California, Berkeley, TMote Sky sensor node consisting of the CC2420 ZigBee near-range communications, an MSP430 low-power microcontroller packed into a matchbox-size form factor.

Actuator. A device that controls other devices (such as valves and switches).

European Research Council. A body that funds technological research in the EU. Its framework funding programs include FP7 (Framework Programme) finished in 2013, giving way to H2020 (Horizon 2020). On top of this, each EU country also has national funding infrastructures, as in EPSRC in the U. K. and DFG in Germany.

IETF. The IETF is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of Internet architecture and smooth operation of the Internet; for more, see https://www.ietf.org/about/ Some Definitions