Security by design: bridging the gap between system engineering and cybersecurity

By François Cortial, CTO Mission critical systems, Atos

Security by design is a vital step in reaching operational safety in the convergence of physical and digital systems. This, alongside continuous monitoring during operation, is the best way to ensure resilience and security. However, even with modern architectures in place, security by design alone is not sufficient.

Experience demonstrates that once in operation, systems can evolve and go beyond the limits considered during the design phase. This is even more true in cybersecurity, where threats are continuously evolving, making what was planned at one point obsolete later.

Security by design includes continuous system monitoring

Continuous monitoring of systems is required to detect any deviation from what was planned, in terms of overall wear and tear, achievement of the expected service, abnormal events, evolution of cyberthreats, and more. Such solutions can then raise alerts or, at best, intervene automatically by triggering maintenance operations or interacting with the system in an adaptive manner (putting new rules into the system configuration, for example).
It is necessary, therefore, for security by design to also consider monitoring across the physical, digital and cybersecurity aspects of a system as part of the overall approach. A good example of where this is required is in the area of railways, where such system monitoring can be used to detect any event outside the planned domain of operation (considering the functional, environmental and cybersecurity aspects), with the goal of bringing any insufficiency or cyberattack into an acceptable and manageable risk zone.
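The monitoring loop described above, as an added example that is not code from the article or from Atos: records from a cyber-physical system are checked against a planned domain of operation, deviations are classified as functional, environmental or cyber, and a persistent deviation or an unapproved configuration change escalates to an automatic action (scheduling maintenance, adding a gateway rule). The signal names, limits, host addresses and sample records are all constructed for the example.

```python
"""Added example, not code from the article or from Atos: a minimal
monitor that checks records from a cyber-physical system against its
planned domain of operation and raises alerts for functional,
environmental and cyber deviations, escalating to an automatic action
when a deviation persists. Signal names, limits, hosts and records are
all constructed for the example."""
from collections import defaultdict

# Planned domain of operation per signal: (aspect, low, high). Constructed.
ENVELOPE = {
    "motor_temp_c": ("environmental", -20.0, 85.0),
    "brake_pressure_bar": ("functional", 4.5, 6.5),
}

# Hosts allowed to push configuration changes to the controller. Constructed.
ALLOWED_CONFIG_SOURCES = {"10.0.0.5"}

# Consecutive out-of-envelope readings before maintenance is scheduled.
MAINTENANCE_THRESHOLD = 3


class Monitor:
    """Ingests records one at a time; collects alerts and adaptive actions."""

    def __init__(self):
        self.alerts = []    # (timestamp, aspect, detail)
        self.actions = []   # (timestamp, action)
        self._streak = defaultdict(int)  # per-signal run of bad readings

    def ingest(self, rec):
        kind = rec["kind"]
        if kind == "telemetry":
            self._check_telemetry(rec)
        elif kind == "config_change":
            self._check_config(rec)
        else:
            # Anything the design did not plan for is itself a deviation.
            self.alerts.append((rec["ts"], "cyber", f"unknown record kind {kind!r}"))

    def _check_telemetry(self, rec):
        sig, val = rec["signal"], rec["value"]
        if sig not in ENVELOPE:
            self.alerts.append((rec["ts"], "cyber", f"unexpected signal {sig!r}"))
            return
        aspect, lo, hi = ENVELOPE[sig]
        if lo <= val <= hi:
            self._streak[sig] = 0
            return
        self._streak[sig] += 1
        self.alerts.append((rec["ts"], aspect, f"{sig}={val} outside [{lo}, {hi}]"))
        # Persistent drift is treated as wear and tear: trigger maintenance once.
        if self._streak[sig] == MAINTENANCE_THRESHOLD:
            self.actions.append((rec["ts"], f"schedule maintenance: {sig}"))

    def _check_config(self, rec):
        if rec["src"] in ALLOWED_CONFIG_SOURCES:
            return
        self.alerts.append((rec["ts"], "cyber",
                            f"config key {rec['key']!r} changed from unapproved host {rec['src']}"))
        # Adaptive response: push a new rule into the system configuration.
        self.actions.append((rec["ts"], f"add gateway rule: deny {rec['src']}"))


# Constructed sample stream mixing telemetry and configuration events.
SAMPLE_RECORDS = [
    {"ts": "10:00:00", "kind": "telemetry", "signal": "motor_temp_c", "value": 60.0},
    {"ts": "10:00:01", "kind": "telemetry", "signal": "brake_pressure_bar", "value": 4.0},
    {"ts": "10:00:02", "kind": "telemetry", "signal": "brake_pressure_bar", "value": 3.9},
    {"ts": "10:00:03", "kind": "config_change", "src": "10.0.0.5", "key": "door_timeout_ms"},
    {"ts": "10:00:04", "kind": "telemetry", "signal": "brake_pressure_bar", "value": 3.8},
    {"ts": "10:00:05", "kind": "config_change", "src": "192.0.2.77", "key": "brake_limit_bar"},
    {"ts": "10:00:06", "kind": "telemetry", "signal": "motor_temp_c", "value": 90.0},
]


def run_sample():
    """Feed the constructed stream through the monitor; return alerts and actions."""
    mon = Monitor()
    for rec in SAMPLE_RECORDS:
        mon.ingest(rec)
    return mon.alerts, mon.actions


if __name__ == "__main__":
    alerts, actions = run_sample()
    for a in alerts:
        print("ALERT ", *a)
    for a in actions:
        print("ACTION", *a)
```

The point of keeping the three aspects in one monitor is that the same stream carries the evidence for all of them: the brake-pressure drift is a maintenance problem, the temperature excursion an environmental one, and the configuration change from an unlisted host a cyber one, and the response differs for each.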

Finding common ground between system engineering and cybersecurity

There is currently no common language for security and resilience between system engineering and cybersecurity. They are different disciplines with different expertise, skill sets and methodologies. On the physical side, there are plenty of structured approaches such as Failure Mode, Effects and Criticality Analysis (FMECA) and its enhanced variants, for both hardware and software. But these methods do not take cybersecurity needs into consideration.
A good answer may be to lean on IEC standardization, especially IEC 62443 and its part 3-2 on security risk assessment and system design. However, it is more guidance on risk analysis and control than a structured method like FMECA.
To carry out such analysis, current trends focus on systemic approaches: the system and its environment are broken down into multiple elements so that the behavior of each element can be modelled. It is then possible to execute a number of deviant scenarios to assess the weaknesses and the propagation of failure modes through the global system, on both the physical and the cybersecurity side.
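The systemic approach just described, as an added example that is not code from the article or from Atos: a system is broken down into components joined by typed dependency edges, a deviant scenario injects either a physical loss or a cyber compromise into one component, and the effect is propagated through the graph to see which elements are affected and how critical the outcome is. The component names, edge kinds, weights and propagation rules are constructed for the example; a real model would derive them from the system design and an FMECA-style analysis. The same model is what a digital twin, as discussed further down, would keep alive against the running system.

```python
"""Added example, not code from the article or from Atos: a toy systemic
model in which a system is broken down into components joined by typed
dependency edges, and deviant scenarios (a physical loss or a cyber
compromise injected into one component) are propagated through the
graph to see which elements are affected and how critical the outcome
is. Component names, edge kinds, weights and propagation rules are
constructed for the example."""
from collections import deque

# Edges (source, dependent, kind): the dependent needs the source.
# "power" and "control" are physical/command dependencies, "data" is a
# sensor feed. Constructed train-braking subsystem.
EDGES = [
    ("grid_psu", "plc_brakes", "power"),
    ("plc_brakes", "brake_actuator", "control"),
    ("ops_network", "plc_brakes", "control"),
    ("hmi", "ops_network", "control"),
    ("sensor_speed", "plc_brakes", "data"),
]

# Safety weight of each component; higher means losing it matters more.
CRITICALITY = {
    "grid_psu": 2, "plc_brakes": 6, "brake_actuator": 10,
    "ops_network": 4, "hmi": 3, "sensor_speed": 3,
}

# How an effect on the source propagates along an edge kind.
# A physical loss takes down whatever it powers or controls and only
# degrades consumers of its data; a cyber compromise travels along
# command paths only, since a power line cannot be "compromised".
PROPAGATION = {
    ("loss", "power"): "loss",
    ("loss", "control"): "loss",
    ("loss", "data"): "degraded",
    ("compromise", "control"): "compromise",
}

# Fraction of a component's weight counted for each effect.
SEVERITY = {"loss": 1.0, "compromise": 1.0, "degraded": 0.5}


def propagate(scenario):
    """Breadth-first propagation of injected effects. Returns {component: effect}.
    The first effect to reach a component is kept (a simplification)."""
    state = dict(scenario)
    queue = deque(scenario.items())
    while queue:
        comp, effect = queue.popleft()
        for src, dst, kind in EDGES:
            if src != comp or dst in state:
                continue
            new_effect = PROPAGATION.get((effect, kind))
            if new_effect is None:
                continue
            state[dst] = new_effect
            if new_effect != "degraded":   # degraded components still function
                queue.append((dst, new_effect))
    return state


def score(state):
    """Weighted criticality of a propagated scenario."""
    return sum(CRITICALITY[c] * SEVERITY[e] for c, e in state.items())


def rank_scenarios(scenarios):
    """Return (name, score, state) for each named scenario, worst first."""
    results = []
    for name, injected in scenarios.items():
        state = propagate(injected)
        results.append((name, score(state), state))
    return sorted(results, key=lambda r: r[1], reverse=True)


# Constructed deviant scenarios: one physical, one cyber, one sensor fault.
SCENARIOS = {
    "psu_failure": {"grid_psu": "loss"},
    "hmi_compromised": {"hmi": "compromise"},
    "speed_sensor_failure": {"sensor_speed": "loss"},
}

if __name__ == "__main__":
    for name, sc, state in rank_scenarios(SCENARIOS):
        print(f"{name}: score={sc} affected={state}")
```

Ranking the three scenarios puts the compromised HMI above the power-supply failure, because a compromise travels the whole command path down to the actuator. That is exactly the kind of result a FMECA confined to hardware failure modes would not surface, and the reason the physical and cyber propagation rules need to live in one model.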

Digital twin

Another step is to extend the concept toward a digital twin of the live system. The interest here is to keep the system model alive alongside the real system during its entire lifecycle, continuously improving the risk assessment by applying machine learning to the data collected from the real system.
Let’s consider a very specific example, such as the testing of satellites. Satellites cannot afford any failure or malfunction after launch, given the difficulty of correcting breakdowns or intrusions. A digital twin of the full system (satellite plus space check out equipment, SCOE) can carry out a virtual risk analysis before the launch and during the operational life, to ensure any potential issues are flagged and fixed through predictive maintenance before any real-world breakdown occurs.
Security by design, followed by continuous detection-and-response monitoring that uses AI and ML to find anomalies in system activity and user behavior, is vital. Alongside this, for the digital side of a system, a digital twin can be used to model the physical system and stress-test it in an experimental environment. Creating resilient and secure cyber-physical systems is extremely complex, but the two disciplines working in tandem can find solutions that work across a system for its entire lifespan.
