On Monday, May 16, 2016, the Supreme Court of the United States issued its highly anticipated opinion in Spokeo, Inc. v. Robins, a case that examined the question of whether a plaintiff who ...25 May 2016
NIST Releases Discussion Draft on Cyber-Physical Systems Framework
The draft defines CPS as “smart systems that include co-engineered interacting networks of physical and computational components.” CPS includes systems, structures, and objects as diverse as smart power grids, self-driving cars, and prescription medicine containers that automatically order refills when pills are running low.
The discussion draft aims to integrate the work of five different CPS PWG sub-groups: cybersecurity and privacy, data interoperability, reference architecture, and use cases. In order to develop a unifying framework applicable to the universe of unique dimensions of CPS, the CPS PWG developed three interrelated lines of analysis: Domains, Facets, and Aspects.
- Domains: the environments in which CPS are deployed. Example domains include manufacturing, transportation, energy, and healthcare, among many others. At the foundation of each domain there are individual devices, such as sensors and actuators. Coordinating these devices are multiple layers of systems, which gather and analyze data, coordinate the activities of various devices, and manage the operation of entire systems. For example, a self-driving car is an individual device. But it is also a collection of sensors and systems that allow it to move autonomously, as well as an individual unit of a larger system: perhaps a smart traffic grid that senses local traffic patterns and controls traffic signals to optimize the flow of cars.
- Facets: the functional requirements that allow CPS to operate. The draft defines three facets. “System” describes what things are supposed to do and how they should work. “Engineering” describes how things should be made and how they should operate. “Assurance” describes how to prove that things work the way that they are intended.
- Aspects: the cross-cutting concerns that apply to all facets and all domains of CPS. The preliminary discussion draft identifies six aspects: performance, risk, timing and synchronization, data interoperability, life cycle, and topology. These common aspects are designed to highlight the interrelationships between different characteristics of devices, such as cybersecurity, privacy, safety, and reliability. The authors hope that this will allow designers to implement a risk management approach that emphasizes these complex interactions, while allowing them the freedom to customize devices to the specific needs of a particular environment.
In the coming weeks, CPS PWG subgroups will hold a series of virtual meetings in advance of the group’s second in-person meeting, which will take place on April 7–8 in Gaithersburg, MD. The group will continue to refine the discussion draft, building on input from public stakeholders, and will begin to develop a roadmap for finalizing the current draft. The CPS PWG aims to release a completed framework and roadmap sometime in 2016.
NIST’s efforts come amid growing attention from policymakers to the Internet of Things. Earlier this year, the FTC released a staff report on the Internet of Things, providing guidance for industry on privacy, security, and consumer protection principles. On Capitol Hill, the Senate Committee on Commerce, Science, and Transportation held its first hearing on the subject in February.
Brian Kennedy, an associate in our Washington, D.C. office, contributed to this entry.
The French Data Protection Authority (CNIL) has announced its inspections program topics for 2016, with health data, flight passengers’ data, and data used for marketing and Internet...20 May 2016
The benefits of using Unmanned Aircraft Systems (UAS) for tasks from catastrophe response to infrastructure inspection to construction site monitoring, and everything in between, are great. ...19 May 2016