Regulating Cyberworthiness: Governance Frameworks for Safety-Critical Cyber-Physical Systems

The objective of this paper is to frame research improving the governance of modern cyber-physical systems (CPS) and Complex Systems of CPS through better regulation and compliance. CPS are increasingly being used to undertake high-hazard activities that have the potential to cause significant impact on people and the environment. The analysis detailed in this paper provides insights into how maritime, aviation, and nu-clear regulators from the United States of America, the European Union, and Australia, in particular, facilitate the global trend of integrating cyber components into the high-hazard physical systems they regulate. This insight is gained by undertaking a systematic document review and word search analysis of the regulations, codes, standards and guidance documents published or referred to by these regulators, rele-vant to the operation of the high-hazard CPS they regulate. These documents were se-lected to assess the importance that these regulators place on cybersecurity, cyber safety, and cyberworthiness. This analysis confirmed that current regulations primar-ily treat cyber and physical safety in isolation and generally perceive the application of cybersecurity as adequate for achieving safety for the cyber aspects of a CPS. This demonstrates the need for the application of more contemporary concepts, such as cyberworthiness, to the regulation of high-hazard CPS, as well as methods to patho-logically assess and incrementally improve governance of such systems through ap-proaches like Complex Systems Governance.