Security by Design for Industrial Control Systems from a Cyber–Physical System Perspective: A Systematic Mapping Study
Industrial Control Systems (ICSs), a specialized type of Cyber–Physical System, have shifted from isolated and obscured environments to ones exposed to diverse Information Technology (IT) security threats, which are now highly interconnected. Their adoption of IT introduces vulnerabilities which the...
| Main Authors: | Ahmed Elmarkez, Soraya Mesli-Kesraoui, Pascal Berruet, Flavio Oquendo |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | MDPI AG, 2025-06-01 |
| Series: | Machines |
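| Subjects: | security by design; Industrial Control Systems; Cyber–Physical System; cybersecurity; security engineering; security integration |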
| Online Access: | https://www.mdpi.com/2075-1702/13/7/538 |
| _version_ | 1850077919524683776 |
|---|---|
| author | Ahmed Elmarkez; Soraya Mesli-Kesraoui; Pascal Berruet; Flavio Oquendo |
| collection | DOAJ |
| description | Industrial Control Systems (ICSs), a specialized type of Cyber–Physical System, have shifted from isolated and obscured environments to ones exposed to diverse Information Technology (IT) security threats, which are now highly interconnected. Their adoption of IT introduces vulnerabilities which they were not originally designed to handle, posing critical risks. Thus, it’s imperative to integrate security measures early in CPS development, particularly during the design and implementation phases, to mitigate these vulnerabilities effectively. This study aims to identify, classify, and analyze existing research on the security-by-design paradigm for CPSs, exploring trends and defining the characteristics, advantages, limitations, and open issues of current methodologies. A systematic mapping study was conducted, selecting 55 primary studies through a rigorous protocol. The findings indicate that the majority of methodologies concentrate on the design phase, frequently overlooking other stages of development. Moreover, while there is a notable emphasis on security analysis across most primary studies, there is a notable gap in considering the integration of mitigation measures. This oversight raises concerns about the efficacy of security measures in real-world deployment scenarios. Additionally, there is a significant reliance on human intervention, highlighting the need for further development in automated security solutions. Conflicts between security requirements and other system needs are also inadequately addressed, potentially compromising overall system effectiveness. This work provides a comprehensive overview of CPS security-by-design methodologies and identifies several open issues that require further investigation, emphasizing the need for a holistic approach that includes vulnerability handling, clear security objectives, and effective conflict management, along with improved standard integration, advanced validation methods, and automated tools. |
| format | Article |
| id | doaj-art-049a1d95f17640ec863ff27ee3b79e6c |
| institution | DOAJ |
| issn | 2075-1702 |
| language | English |
| publishDate | 2025-06-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Machines |
| spelling | doaj-art-049a1d95f17640ec863ff27ee3b79e6c; 2025-08-20T02:45:42Z; eng; MDPI AG; Machines; 2075-1702; 2025-06-01; 13; 7; 538; 10.3390/machines13070538; Security by Design for Industrial Control Systems from a Cyber–Physical System Perspective: A Systematic Mapping Study; Ahmed Elmarkez (0), Soraya Mesli-Kesraoui (1), Pascal Berruet (2), Flavio Oquendo (3); (0) SEGULA Engineering, 165 rue de la Montagne du Salut, 56600 Lanester, France; (1) SEGULA Engineering, 165 rue de la Montagne du Salut, 56600 Lanester, France; (2) Laboratoire des Sciences et Techniques de l’information de la Communication et de la Connaissance (LAB-STICC), Université Bretagne Sud, Rue de Saint-Maudé, 56100 Lorient, France; (3) Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Université Bretagne Sud, Rue Yves Mainguy, BP 573, 56000 Vannes, France; https://www.mdpi.com/2075-1702/13/7/538; security by design; Industrial Control Systems; Cyber–Physical System; cybersecurity; security engineering; security integration |
| title | Security by Design for Industrial Control Systems from a Cyber–Physical System Perspective: A Systematic Mapping Study |
| topic | security by design; Industrial Control Systems; Cyber–Physical System; cybersecurity; security engineering; security integration |
| url | https://www.mdpi.com/2075-1702/13/7/538 |