

Talks and Poster Presentations (with Proceedings-Entry):

B. Brenner, E. Weippl, A. Ekelhart:
"Security Related Technical Debt in Cyber Physical Production Systems";
Talk: 45th Annual Conference of the IEEE Industrial Electronics Society (IECON 2019), Lisbon, Portugal; 2019-10-14 - 2019-10-18; in: "IEEE", IEEE, (2019), ISBN: 978-1-7281-4878-6.



English abstract:
Technical debt is an analogy introduced in 1992 by
Cunningham to help explain how intentional decisions not to
follow a gold standard or best practice in order to save time or
effort during creation of software can later on lead to a product
of lower quality in terms of product quality itself, reliability,
maintainability or extensibility. Little work has been done so far
that applies this analogy to cyber physical (production) systems
(CP(P)S). Also there is only little work that uses this analogy
for security related issues. This work aims to fill this gap: We
want to find out which security related symptoms within the field
of cyber physical production systems can be traced back to TD
items during all phases, from requirements and design down to
maintenance and operation. In this work,
- We explore TD items, causes and products in CPPS that are related to security
- We find out which possible causes of prevalent TD symptoms in CPPS exist, and
- We find out which of them can be related to not following a common secure-by-design best practice (the "seven touchpoints of software security").
Especially due to the typically long operation (and thus maintenance phases) of production systems, domain experts in production system engineering can benefit significantly if lowering
maintenance costs is possible due to the implementation of
security right from the beginning of CPS creation. This work
shall support experts from the field by being a first step in
exploring the relationship between not following security best
practices and concrete increase of costs due to TD as consequence.

Keywords:
Technical Debt, Technical Debt in the context of Security, Cyber Physical Production Systems

Created from the Publication Database of the Vienna University of Technology.