Secure Development Lifecycle for CPPS

Qualification measure regarding the implementation of a Secure Development Lifecycle for Cyber-Physical Production Systems (CPPS)

Benefits and risks of CPPS 

The digital factory enables the efficient use of resources during the manufacturing process. It is realized by connecting individual components through Cyber-Physical Production Systems (CPPS). In the developing phase, modelled data is made available to project partners via linked repositories. Currently, adequate protection mechanisms for such systems are often missing, which leaves the door open for cybercriminals to introduce weak points in early design phases that they can exploit later on, during operation. Moreover, the manipulated CPPS can infect other industrial components and even sabotage processes. To mitigate this threat, information security has to be established in the engineering process of these systems. This poses a challenge, as even big companies lack relevant training to do so.

Secure Development 

The goal is, therefore, to hold seminars to impart knowledge for the implementation of a Secure Development Lifecycle for Cyber-Physical Production Systems (SDLCPPS). There, the individual phases of SDL-CPPS, starting with the secure design of CPPS to proven security concepts for the implementation, to the verification phase, and the secure maintenance process are taught. Case studies from companies that have already integrated a secure Software Development Lifecycle (SDLC) show substantial improvements due to this integrated security concept.

Being prepared for cyber threats

To achieve such progress, the planned seminar is specifically aligned with the security requirements of CPPS in the industrial environment. Via impulse lectures, workshops and presentations, the seminar offers participants an in-depth look into the primary components of SDL-CPPS. A strong grounding in real life settings and a bespoke concept are key to optimally prepare participants for the implementation of SDL-CPPS in their companies, equipping them to manage cyber-threats induced by the implementation of Industry 4.0.

External project manager
FH-Prof. Priv.Doz. Mag. Dipl.-Ing. Dr. Edgar Weippl
  • Commend International
  • Ing. Punzenberger COPA-DATA GmbH
  • Limes Security GmbH
  • logi.cals GmbH
  • Software Quality Lab
  • Trustworks KG
  • Xylem
BMDW -Forschungskompetenzen f. die Wirtschaft
12/01/2018 – 05/31/2019
Involved Institutes, Groups and Centers
Institute of IT Security Research