(black-box behavior), robustness, predictability (such as when data is outside a training set), and how to cost-efficiently verify, validate, and assure such systems.29,30 In addition, CPS systems must function in increasingly complex environments, as in automated driving. Describing such varying environments and systematically dealing with uncertainty represent further key challenges that have been addressed in such European research projects as Pegasus31 and the U.K. EPSRC-funded S4: Science for Sensor Systems in 2016.32
Safety and security engineering concerns the connectivity and spread of CPS and provides new attack surfaces that could exploit vulnerabilities in the cyber and/or physical side, as well as among human stakeholders. This implies existing security approaches are not suitable. Moreover, security may affect safety, thus calling for integrated and balanced security and safety trade-offs and development of new methodologies. The widespread use of CPS systems and their increasing automation imply that existing safety-engineering approaches are not sufficient, and, in particular, that future CPS will need to deal with risk explicitly, incorporating measures of dynamic risk, as compared, again, with automated driving. An example of security research in Europe comes from the £23M PETRAS Research Hub in the U.K., which involves 60 projects researching the various aspects of IoT/CPS security, from devices to social practice, and has produced a landmark report, The Internet of Things: Realising the Potential of a Trusted Smart World,33 co-produced with the Royal Academy of Engineering.
It is infeasible to predict all possible faults, threats, and failure modes for future CPS. Systems will have to be resilient, with built-in build monitors and error handlers to ensure cost-efficient dependability. Examples of European efforts include the MBAT project that gave European industry a leading-edge affordable and effective validation-and-verification technology in the form of a Reference Technology Platform (the MBAT RTP) and the AQUAS project, which is developing solutions for safety/security/performance co-engineering, as in Sillitto.34 Europe has a strong tradi-
DW1000 chip, overcoming many of bulkiness and power-consumption issues and storming the field of real-time location-tracking systems. Indeed, the potential here is enormous, especially if UWB chips eventually find their way into smartphones where UWB could trigger a new wave of location-based IoT/CPS services with an impact comparable to (if not greater than) that achieved by GPS.
Trust, Safety, Security, Privacy (Guarantees)
CPS and IoT provide unprecedented capabilities and opportunities for the benefit of society. But it will be achieved through corresponding unprecedented technological complexity that also introduces new risks that need to be recognized, debated, and dealt with appropriately. This is essential since future CPS and IoT will be widespread and underpin a large number of critical societal infrastructures, including water, energy, transportation, and healthcare, all relying on the proper operation of the technologies.
A key concern is that current engineering methodologies are generally viewed as inadequate for next-generation CPS. Consequently, multiple calls have been issued from the EU for new methodologies, including Platform4CPS,25 AENEAS,26 and the Acatech National Academy of Science and Engineering.27 The full potential of future CPS can be obtained only when new engineering methodologies are in place to ensure future CPS systems are sufficiently safe, secure, available, privacy-preserving, and overall trustworthy. A science for CPS engineering is needed. Europe is positioned well in this regard to address the key challenges of complexity management, safety, and security by design and privacy.
Complexity management of IoT/CPS systems is important because they inherit the complexity of their cyber and physical parts. There is a lack of approaches to systematically accomplish “composability” of CPS components, meaning achieving integration of CPS components is difficult without negative, sometimes unknown, side effects, or emerging behaviors.28 Composability for CPS must address the multifaceted dependencies in CPS across components, functions, and system-level properties. An example of a European stronghold is the effort driven by Kopetz on composable time-triggered architectures, with research funded through several EU projects that have influenced many communication protocols for CPS, delivered reusable architectural services for exploitation across platforms of different domains (INDEXYS project in 2008), and paved the way for successful companies like TTTech.20
The use of machine learning, particularly deep learning, provides a novel technology within CPS. While such technologies enable entirely new types of applications, they raise concerns about how to deal with transparency
Some Definitions
Microcontroller. Computer on a single chip, with one or more processor cores, memory, and input/output peripherals.
Sensor nodes/mote. Generic way to describe sensor-based devices, typically consisting of several sensors and radio communications module(s) governed by a microcontroller. Different from phones and traditional computers, they are a few centimeters in size without keyboard or screen. An example is the University of California, Berkeley, TMote Sky sensor node consisting of the CC2420 ZigBee near-range communications, an MSP430 low-power microcontroller packed into a matchbox-size form factor.
Actuator. A device that controls other devices (such as valves and switches).
European Research Council. A body that funds technological research in the EU. Its framework funding programs include FP7 (Framework Programme) finished in 2013, giving way to H2020 (Horizon 2020). On top of this, each EU country also has national funding infrastructures, as in EPSRC in the U.K. and DFG in Germany.
IETF. The IETF is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of Internet architecture and smooth operation of the Internet; for more, see https://www.ietf.org/about/