On 10 September 2024, NIST leaders Dr. David Wollman, Deputy Chief of NIST’s Smart Connected System Division, and Dr. Thomas Roth, Leader of NIST’s IoT Devices and Infrastructure Group, gave an overview of NIST’s Cyber-Physical Systems (CPS) and Internet of Things (IoT) program at the Department of Energy’s (DOE’s) Executive Lunch and Learn. This session was part of a long-standing presentation series organized and produced by DOE’s Cybersecurity Awareness and Training (CSAT) team in the DOE Office of the Chief Information Officer (OCIO).
Dr. Wollman discussed the varying terminology used to describe smart connected systems, including CPS, IoT, Operational Technology (OT), Industry 4.0, Cyber-Physical Socio-Technical Systems, and Computing-Enabled Networked Physical Systems, and he advocated for the continued infusion of human-centered engineering concepts into CPS and IoT development. Referencing NIST Special Publication 1900-202, Cyber-Physical Systems and Internet of Things, he explained that CPS and IoT concepts have largely converged, and that CPS and IoT consist of interacting logical, physical, transducing, and human components that are co-engineered to achieve desired function. He also provided an overview of the NIST CPS Framework (NIST Special Publications 1500-201, -202, and -203) and its methodology for identifying and addressing stakeholder concerns throughout any systems-engineering process. In the framework, concerns are collected into groups called aspects, and the process is described in modes of thinking called facets. One of the aspects, trustworthiness, was of particular importance to the audience since it included security and resilience, in addition to privacy, reliability, and safety. Dr. Wollman then described how the program’s foundational efforts have supported NIST’s ongoing work in OT and IoT cybersecurity.
Dr. Roth discussed the application of cybersecurity to CPS and IoT systems using the NIST Automated Vehicles Program as a use case. Due to the immense city-wide scale of these systems, and the potential for harm to humans if they fail, assurance cases of CPS/IoT rely heavily on simulation. Two simulation techniques commonly leveraged in NIST research are co-simulation and digital twins. Co-simulation is the integration of multiple simulation environments to create higher-fidelity models, such as combining a road traffic simulation with a wildfire spread simulation to model traffic congestion during evacuations caused by natural disasters. Digital twins are simulation models that are created and updated over their lifecycle with real-world data to create a virtual ‘clone’ of a real CPS/IoT system. For the wildfire evacuation example, a digital twin could be a road traffic model based on real-world traffic data from a specific city or region. NIST uses both techniques in its automated vehicles (AVs) program to explore how AVs will behave when deployed on roads, including their resilience against potential cybersecurity attacks.