ABSTRACT
Building on a literature review conducted to identify literature on international best practices for the through-life technical assurance of cyber-capable systems, this chapter considers the use of cyber-physical systems (CPS) within the context of large and complex organizations such as nation-state defense organizations and critical civilian infrastructure. Building on the concept of CPS, the chapter discusses the societal impacts of complex CPS (CCPS) and systems of CCPS to draw out some of the safety consequences of operating CPS. Safety considerations and mitigation strategies are explored before moving to the regulation of public risk posed by CPS. The case for moving from traditional cybersecurity to cyber-worthiness is made by highlighting the need to consider not only the information assurance aspects of CPS but also the ongoing provision of timely and safe physical outputs of CPS. The importance of model-based cyber-worthiness assessments is considered in the context of tracking and communicating threats to CPS. The application of complex systems governance (CSG) to addressing cyber-worthiness is then considered a viable methodology for managing the complexity of present-day CPS before considering how emergent features of truly complex CPS may be handled via cyber-worthiness assessment and CSG.
