Chapter 23 Introduction to STPA‐Sec
Cody Fleming
Iowa State University, Mechanical Engineering, Ames, IA, USA
System Theoretic Process Analysis for Security (STPA‐Sec)
Introduction and Background
Cybersecurity generally follows a software‐oriented perspective, and its legacy is one that focuses on pure IT software systems rather than on systems that interact with and potentially change the physical world. Meanwhile, it has been increasingly recognized that software assurance methods must integrate security earlier in the acquisition and development cycle of software (Mead and Woody 2016). For example, certain approaches use existing malware to inform the development of security requirements in the early stages of the software life cycle (Mead et al. 2015), which pursues a goal similar to the approach presented in this chapter. However, that work follows the standard, bottom‐up approach of identifying threats and generating solutions based on those threats. These techniques work well for IT software systems yet are insufficient for cyber‐physical systems. Many cybersecurity approaches are not effective for cyber‐physical systems in part because an attack on a physical system is not necessarily detectable or counteracted by cyber systems (Hu 2013). Recent developments in threat modeling are geared specifically for cyber‐physical systems and consider the physical component that many other methods do not (Burmester et al. 2012). However, this approach still relies ...
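The point attributed to Hu (2013) above, that an attack whose effect is physical need not be visible to purely cyber checks, can be made concrete. The following is an added illustration written for this page, not code from the chapter or from any of the cited works. It models a controller receiving tank-level readings over an authenticated link: a cyber-level monitor verifies only message authenticity and integrity, while a process-model check asks whether the plant could physically have produced the reading. The key, the sensor name `LT-101`, the `MAX_RATE` bound and the scenario readings are all constructed for the example.

```python
"""Added example (not from the chapter): an IT-only check versus a
process-model check on sensor readings for a simple tank.

All keys, sensor identifiers and readings below are constructed."""
import hashlib
import hmac
import json

# Constructed shared key between sensor node and controller.
KEY = b"constructed-demo-key"

# Constructed process model: the tank level cannot change by more than
# MAX_RATE units in one sampling tick, and cannot fall while the fill
# pump is running.
MAX_RATE = 5.0


def sign(reading: dict) -> dict:
    """Produce an authenticated message as the sensor node would."""
    body = json.dumps(reading, sort_keys=True)
    tag = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def cyber_check(msg: dict) -> bool:
    """IT-level check: is the message authentic and untampered?"""
    expected = hmac.new(KEY, msg["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["tag"])


def physical_check(prev_level: float, pump_on: bool, new_level: float) -> bool:
    """Process-model check: could the plant actually have moved this way?"""
    delta = new_level - prev_level
    if abs(delta) > MAX_RATE:
        return False          # faster than the physics allows
    if pump_on and delta < 0:
        return False          # level cannot fall while the pump fills the tank
    return True


def evaluate(prev_level: float, pump_on: bool, messages: list) -> list:
    """Run both checks over a batch of messages and report each verdict."""
    results = []
    for msg in messages:
        auth_ok = cyber_check(msg)
        if auth_ok:
            level = json.loads(msg["body"])["level"]
            phys_ok = physical_check(prev_level, pump_on, level)
        else:
            phys_ok = False   # unauthenticated data is not trusted at all
        results.append({"auth_ok": auth_ok, "physically_plausible": phys_ok})
    return results


def demo() -> list:
    """Constructed scenario: previous level 80.0 with the pump running."""
    prev_level, pump_on = 80.0, True
    # 1. Honest reading: a small rise, consistent with the pump running.
    honest = sign({"sensor": "LT-101", "level": 83.0})
    # 2. Reading altered in transit: the MAC no longer matches the body.
    tampered = dict(sign({"sensor": "LT-101", "level": 83.0}),
                    body=json.dumps({"sensor": "LT-101", "level": 10.0},
                                    sort_keys=True))
    # 3. Reading from a compromised node that still holds the key: the MAC
    #    is valid, so only the process model can reveal the problem.
    spoofed = sign({"sensor": "LT-101", "level": 10.0})
    return evaluate(prev_level, pump_on, [honest, tampered, spoofed])


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The third message is the case the paragraph describes: every cyber-level indicator passes, and only a system-level view that includes the physical process (the perspective STPA-Sec is built around) gives the controller grounds to distrust the reading.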