search menu icon-carat-right cmu-wordmark

Subject: Cyber-physical Systems

Evaluating Threat-Modeling Methods for Cyber-Physical Systems

Evaluating Threat-Modeling Methods for Cyber-Physical Systems

• SEI Blog
Nataliya Shevchenko

Addressing cybersecurity for а complex system, especially for а cyber-physical system of systems (CPSoS), requires a strategic approach during the entire lifecycle of the system. Examples of CPSoS include rail transport systems, power plants, and integrated air-defense capability. All these systems consist of large physical, cyber-physical, and cyber-only subsystems with complex dynamics. In the first blog post in this series, I summarized 12 available threat-modeling methods (TMMs). In this post, I will identify criteria for...

Read More
Threat Modeling: 12 Available Methods

Threat Modeling: 12 Available Methods

• SEI Blog
Nataliya Shevchenko

Almost all software systems today face a variety of threats, and the number of threats grows as technology changes. Malware that exploits software vulnerabilities grew 151 percent in the second quarter of 2018, and cyber-crime damage costs are estimated to reach $6 trillion annually by 2021. Threats can come from outside or within organizations, and they can have devastating consequences. Attacks can disable systems entirely or lead to the leaking of sensitive information, which would...

Read More
Scope vs. Frequency in Defining a Minimum Viable Capability Roadmap: Part 2 of 3

Scope vs. Frequency in Defining a Minimum Viable Capability Roadmap: Part 2 of 3

• SEI Blog
Robert V. Binder

As Soon as Possible In the first post in this series, I introduced the concept of the minimum viable capability (MVC). While the intent of the minimum vable product (MVP) strategy is to focus on rapidly developing and validating only essential product features, MVC adapts this strategy to systems that are too large, too complex, or too critical for MVP. MVC is a scalable approach to validating a system of capabilities, each at the earliest...

Read More
Introducing the Minimum Viable Capability Strategy

Introducing the Minimum Viable Capability Strategy

• SEI Blog
Robert V. Binder

It's common for large-scale cyber-physical systems (CPS) projects to burn huge amounts of time and money with little to show for it. As the minimum viable product (MVP) strategy of fast and focused stands in sharp contrast to the inflexible and ponderous product planning that has contributed to those fiascos, MVP has been touted as a useful corrective. The MVP strategy has become fixed in the constellation of Agile jargon and practices. However, trying to...

Read More
Verifying Distributed Adaptive Real-Time Systems

Verifying Distributed Adaptive Real-Time Systems

• SEI Blog
James Edmondson

This post was co-authored by Sagar Chaki In 2011, the U.S. Government maintained a fleet of approximately 8,000 unmanned aerial systems (UAS), commonly referred to as "drones," a number that continues to grow. "No weapon system has had a more profound impact on the United States' ability to provide persistence on the battlefield than the UAVs," according to a report from the 2012 Defense Science Board. Making sure government and privately owned drones share international...

Read More
Cyber Intelligence and Critical Thinking

Cyber Intelligence and Critical Thinking

• SEI Blog
Jay McAllister

In June, representatives of organizations in the government, military, and industry sectors--including American Express and PNC--traveled to Pittsburgh to participate in a crisis simulation the SEI conducted. The crisis simulation--a collaborative effort involving experts from the SEI's Emerging Technology Center (ETC) and CERT Division--involved a scenario that asked members to sift through and identify Internet Protocol (IP) locations of different servers, as well as netflow data. Participants also sorted through social media accounts from simulated...

Read More
A Five-Year Technical Strategic Plan for the SEI

A Five-Year Technical Strategic Plan for the SEI

• SEI Blog
Kevin Fall

The Department of Defense (DoD) and other government agencies increasingly rely on software and networked software systems. As one of over 40 federally funded research and development centers sponsored by the United States government, Carnegie Mellon University's Software Engineering Institute (SEI) is working to help the government acquire, design, produce, and evolve software-reliant systems in an affordable and secure manner. The quality, safety, reliability, and security of software and the cyberspace it creates are major...

Read More
The SEI Blog: A Two-Year Retrospective

The SEI Blog: A Two-Year Retrospective

• SEI Blog
Douglas C. Schmidt

In launching the SEI blog two years ago, one of our top priorities was to advance the scope and impact of SEI research and development projects, while increasing the visibility of the work by SEI technologists who staff these projects. After 114 posts, and 72,608 visits from readers of our blog, this post reflects on some highlights from the last two years and gives our readers a preview of posts to come....

Read More
Looking Ahead: The SEI Technical Strategic Plan

Looking Ahead: The SEI Technical Strategic Plan

• SEI Blog
Bill Scherlis

The Department of Defense (DoD) has become deeply and fundamentally reliant on software. As a federally funded research and development center (FFRDC), the SEI is chartered to work with the DoD to meet the challenges of designing, producing, assuring, and evolving software-reliant systems in an affordable and dependable manner. This blog post--the first in a multi-part series--outlines key elements of the forthcoming SEI Strategic Research Plan that addresses these challenges through research and acquisition support...

Read More
Assessing the State of the Practice of Cyber Intelligence

Assessing the State of the Practice of Cyber Intelligence

• SEI Blog
Troy Townsend

The majority of research in cyber security focuses on incident response or network defense, either trying to keep the bad guys out or facilitating the isolation and clean-up when a computer is compromised. It's hard to find a technology website that's not touting articles on fielding better firewalls, patching operating systems, updating anti-virus signatures, and a slew of other technologies to help detect or block malicious actors from getting on your network. What's missing from...

Read More
Real-Time Scheduling on Heterogenous Multicore Processors

Real-Time Scheduling on Heterogenous Multicore Processors

• SEI Blog
Bjorn Andersson

Many DoD computing systems--particularly cyber-physical systems--are subject to stringent size, weight, and power requirements. The quantity of sensor readings and functionalities is also increasing, and their associated processing must fulfill real-time requirements. This situation motivates the need for computers with greater processing capacity. For example, to fulfill the requirements of nano-sized unmanned aerial vehicles (UAVs), developers must choose a computer platform that offers significant processing capacity and use its processing resources to meet its needs...

Read More
Bridging the

Bridging the "Valley of Disappointment" for DoD Software Research with SPRUCE

• SEI Blog
Douglas C. Schmidt

As noted in the National Research Council's report Critical Code: Software Producibility for Defense, mission-critical Department of Defense (DoD) systems increasingly rely on software for their key capabilities. Ironically, it is increasingly hard to motivate investment in long-term software research for the DoD. This lack of investment stems, in part, from the difficulty that acquisitions programs have making a compelling case for the return on these investments in software research. This post explores how the...

Read More
Toward Safe Optimization of Cyber-Physical Systems

Toward Safe Optimization of Cyber-Physical Systems

• SEI Blog
Dionisio de Niz

Cyber-physical systems (CPS) are characterized by close interactions between software components and physical processes. These interactions can have life-threatening consequences when they include safety-critical functions that are not performed according to their time-sensitive requirements. For example, an airbag must fully inflate within 20 milliseconds (its deadline) of an accident to prevent the driver from hitting the steering wheel with potentially fatal consequences. Unfortunately, the competition of safety-critical requirements with other demands to reduce the cost,...

Read More
Ensuring Safety in Cyber-Physical Systems

Ensuring Safety in Cyber-Physical Systems

• SEI Blog
Dionisio de Niz

In some key industries, such as defense, automobiles, medical devices, and the smart grid, the bulk of the innovations focus on cyber-physical systems. A key characteristic of cyber-physical systems is the close interaction of software components with physical processes, which impose stringent safety and time/space performance requirements on the systems. This blog post describes research and development we are conducting at the SEI to optimize the performance of cyber-physical systems without compromising their safety....

Read More