CTIC explores the privacy and security of cyber-physical systems

  • Professor Christopher Yoo and CTIC are exploring the challenges of securing cyber-physical systems.

An important technological development has been the growing prominence of cyber-physical systems, such as self-driving cars and medical devices. Because the safety and security of these systems are essential, a new project conducted jointly by Penn Law, the Center for Technology, Innovation & Competition, and Penn Engineering is exploring the developments in and challenges of securing these systems and ensuring their users’ privacy. The project is supported by the National Science Foundation and the Intel-NSF Partnership for Cyber-Physical Systems Security and Privacy.

Cyber-physical systems combine data from the physical environment gathered by sensors attached to devices with computing power and network connectivity to provide new services. They are also generally designed as platforms that third parties can customize and to which they can add their own features.

“Self-driving cars and medical devices were not designed with privacy or security in mind,” said Professor Christopher Yoo, John H. Chestnut Professor of Law, Communication, and Computer & Information Science and CTIC’s founding director. “The engineers who created those technologies did not design them with hostile environments in mind. Trying to retrofit privacy and security into a product after the fact never offers as much protection.”

As part of the project, CTIC held a roundtable on security for cyber-physical systems in May 2016 that brought together some of the leading scholars from around the country. The roundtable focused on the legal issues raised by the efforts to increase the security and privacy of these systems, including the implications of modern products liability law, complex causation, and the impact of federal regulation.

The project takes a novel approach to security, acknowledging that security failures will be inevitable. The project proposes multiple layers of protection, including prevention methods such as encryption, fast detection of and recovery from failures, fusion of diverse sensor technologies for robustness, and tamperproof data logging for forensic purposes.

CTIC is dedicated to promoting foundational research that aims to shape the way legislators, regulatory authorities, and scholars think about technology policy, intellectual property, privacy, and related fields. Through major scholarly conferences, symposia, faculty workshops, and other activities, CTIC is committed to providing a forum for exploring the full range of scholarly perspectives on these issues.