Next Article in Journal
Metaverse Architectures: A Comprehensive Systematic Review of Definitions and Frameworks
Previous Article in Journal
The Internet of Things, Fog, and Cloud Continuum: Integration Challenges and Opportunities for Smart Cities
Previous Article in Special Issue
IMTIBOT: An Intelligent Mitigation Technique for IoT Botnets
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Future Internet
Volume 17
Issue 7
10.3390/fi17070282
futureinternet-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

Responsible Resilience in Cyber–Physical–Social Systems: A New Paradigm for Emergent Cyber Risk Modeling

by
Theresa Sobb
,
Nour Moustafa
and
Benjamin Turnbull
*
School of Systems and Computing, University of New South Wales, Canberra, ACT 2612, Australia
*
Author to whom correspondence should be addressed.
Future Internet 2025, 17(7), 282; https://doi.org/10.3390/fi17070282
Submission received: 29 May 2025 / Revised: 24 June 2025 / Accepted: 24 June 2025 / Published: 25 June 2025
(This article belongs to the Special Issue Internet of Things and Cyber-Physical Systems, 3rd Edition)
Browse Figures
Versions Notes

Abstract

As cyber systems increasingly converge with physical infrastructure and social processes, they give rise to Complex Cyber–Physical–Social Systems (C-CPSS), whose emergent behaviors pose unique risks to security and mission assurance. Traditional cyber–physical system models often fail to address the unpredictability arising from human and organizational dynamics, leaving critical gaps in how cyber risks are assessed and managed across interconnected domains. The challenge lies in building resilient systems that not only resist disruption, but also absorb, recover, and adapt—especially in the face of complex, nonlinear, and often unintentionally emergent threats. This paper introduces the concept of ‘responsible resilience’, defined as the capacity of systems to adapt to cyber risks using trustworthy, transparent agent-based models that operate within socio-technical contexts. We identify a fundamental research gap in the treatment of social complexity and emergence in existing the cyber–physical system literature. To address this, we propose the E3R modeling paradigm—a novel framework for conceptualizing Emergent, Risk-Relevant Resilience in C-CPSS. This paradigm synthesizes human-in-the-loop diagrams, agent-based Artificial Intelligence simulations, and ontology-driven representations to model the interdependencies and feedback loops driving unpredictable cyber risk propagation more effectively. Compared to conventional cyber–physical system models, E3R accounts for adaptive risks across social, cyber, and physical layers, enabling a more accurate and ethically grounded foundation for cyber defence and mission assurance. Our analysis of the literature review reveals the underrepresentation of socio-emergent risk modeling in the literature, and our results indicate that existing models—especially those in industrial and healthcare applications of cyber–physical systems—lack the generalizability and robustness necessary for complex, cross-domain environments. The E3R framework thus marks a significant step forward in understanding and mitigating emergent threats in future digital ecosystems.

1. Introduction

Cyber–physical systems (CPS) are a category of systems that contain both cyberspace and physical components, closely linked to related concepts such as Industrial Control Systems (ICS), Operational Technology (OT), Industry 4.0, and the internet of things (IoT) [1,2,3,4]. Complex CPS enables active feedback loops between logical processes and physical effects, representing multi-domain effects that are rarely limited to the traditional silos of digital systems and real-world physical systems [5]. As CPS often consists of systems of systems, the securitization of these systems can range from complicated to complex [6,7]. Understanding the cyber security consequences posed by cyber threats to these systems is imperative, as a weakness in the posture of a CPS would have far-reaching implications for the physical domains it interacts with [7,8,9]. This evolution gives rise to what are now termed Complex Cyber–Physical–Social Systems (C-CPSS), wherein the complexity of human behavior, decision making, and social structures interacts with and influences the performance and security posture of traditional CPS environments.
Cyber security is an applied field that has rapidly evolved in response to technological advancements, legislative demands, and business changes. Mission assurance is a term originally defined by the United States Air Force, which is the “process to protect or ensure the continued function and resilience of capabilities and assets… critical to the execution of DoD mission-essential functions” [10]. In a non-military environment, mission assurance involves guaranteeing organization-essential services. The cyber domain inherently contributes to the delivery of such services and, as a fundamental input to capability, must also be resilient to degradation in the event of an outage to provide mission assurance. Thus, understanding how CPS, and more specifically how C-CPSS, impacts the resilience of systems contributing to mission assurance is a pertinent question for cyber security researchers.
The security challenges in C-CPSS go beyond traditional threat modeling. Emergent behaviors—caused by nonlinear interactions among cyber, physical, and social components—can manifest in unpredictable ways, undermining system performance and jeopardizing mission assurance [11,12]. Mission assurance, as defined in both defence and civilian contexts, involves the sustained delivery of essential services under degraded conditions [13,14]. In C-CPSS environments, threats are not only technical or malicious but can also stem from unintended interactions, misaligned incentives, or cascading failures across domains [3]. Existing CPS security models often overlook these socio-technical interdependencies, leading to resilience strategies that are insufficient for the demands of complex, real-world scenarios.
This paper addresses a key research gap: the lack of integrated frameworks that explicitly account for social complexity and emergent cyber risk in CPS, and by extension, C-CPSS [15,16]. We argue that advancing cyber resilience in such systems requires a fundamental reconceptualization—one that embraces responsible resilience, grounded in trustworthy and explainable AI models, and incorporates the modeling of emergent risk across cyber, physical, and social dimensions. To address these challenges, this paper introduces the concept of responsible resilience—the capacity of C-CPSS to absorb, recover from, and adapt to disruptions through the integration of transparent and trustworthy AI models. We propose the E3R modeling paradigm (Emergent, Risk-Relevant Resilience), a novel framework that combines causal loop diagrams, agent-based simulations, and ontology-driven modeling to capture the dynamics of socio-technical emergence and guide the design of adaptive, mission-oriented resilience strategies. The key contributions of this paper are as follows:
  • A review of recent CPS and cyber security research, highlighting the absence of social-emergent risk modeling in the literature review.
  • The conceptualization of C-CPSS as a distinct category of systems requiring new resilience models that integrate cyber, physical, and social interdependencies.
  • The development of the E3R modeling paradigm, which operationalizes responsible resilience through multi-method simulation and ontology design.
The remainder of this paper is structured as follows: Section 2 presents a comprehensive literature review including a bibliometric and thematic review of CPS and cyber security literature. Section 3 gives an analysis of the most recent novel works in the field. Section 4 outlines the new E3R modeling paradigm and discusses future research directions for responsible resilience engineering in socio-technical systems. Finally, Section 5 offers conclusions.

2. Materials and Methods

Current Research Directions with Statistical Insights

This research took a mixed methods approach with both quantitative and qualitative data analysis to survey the current research state of cyber security in cyber–physical systems (CPS) and by extension, Cyber–Physical–Social Systems (CPSS). It involved surveying search results from the Scopus database relating to the research topics, the statistical analysis of those results, exporting result metadata to a file for topic-cluster analysis in the software VOSViewer, and finally, a conceptual analysis of key research papers.
Based on the search parameters, 26,728 documents were returned relating to CPS, and 37,261 were related to cyber security, with the majority of publications occurring after 2016. Novelty and recency were key filters used within the dataset. Figure 1 and Figure 2 illustrate the primary recent novel research clusters in the fields of cyber security and CPS, respectively. Within cyber security, cyber–physical systems are a notable novel research sub-cluster, interconnected with research areas including the internet of things and Artificial Intelligence. This analysis provided an understanding of the research environment at the intersection of these areas and was used to highlight the need for the work and inspiration for the E3R modeling paradigm.

3. Recent Literature Analysis

This section presents the novel literature in the research fields that were analyzed to assist in identifying research gaps. Lessons from these papers were further used to inform the development of the Responsible Resilience E3E Framework, which is defined further in Section 4.

3.1. Cyber Security

3.1.1. Cybercrime

Lallie et al. [17] provided a novel perspective on cybercrimes within the context of the COVID-19 pandemic, plotting timelines of historical cyber-attacks. These attacks tended to fall into two categories: cyber-dependent crime, such as malware and denial-of-service attacks, or cyber-enabled crime, including financial fraud and phishing. The research highlights how unique scenarios, triggers, and circumstances can contribute to the techniques employed by cybercriminals [17]. This subsequently raises questions regarding how other historical events or world contexts may influence cybercrime trends and tactics.
Cybercrime was also considered through historical use cases, including the COVID-19 outbreak. One analysis focused on the correlation between cybercrime-related activities and the progression of COVID-19 lockdown policies [18]. The research highlights the importance of understanding complex cyber–social relationships and the effects of security measures, while also acknowledging that human factors, such as the willingness to report crimes, may influence these statistics [18].

3.1.2. Data Security

Blockchain and multiple share creation (MSC) was one method utilized within the most recent novel literature, with the aim to increase the ethical securitization of user data within the healthcare system [19]. Within the context of complex supply chain management, blockchain has also been applied to leverage its opportunities to improve information currency, data sharing, and security [20]. One study also highlighted how protocols based on quantum-inspired quantum walk (QIQW) technologies can be used to enhance the security of blockchain applications further [21].
The adoption of blockchain in supply chain environments is affected by human factors in addition to technological ones, such as trust [22]. This study also highlights that social factors may play a role in the adoption of technologies, with demographic factors being considered in future work [22]. Similarly, applications of blockchain in industrial IoT are also evident in the recent literature through the development of decentralized architectures designed to regulate data while maintaining security and efficiency [23].
Encryption is another method used within the recent novel cyber security literature to improve the securitization of data within an Internet of Health Things (IoHT) scenario [24]. As this research pertains to a specific scenario, there may be further research opportunities to apply the methodologies utilized, primarily the CP-WABE scheme using their 0-1 coding access policy expression method, within a more diverse and complex IoT scenario, such as within a smart city.
In a smaller human–machine interaction niche, cyber security was discussed through the utilization of human biometrics to enable user signal verification [25]. This study provides a novel perspective on cyber security, especially considering the roles that human elements can play in contributing to security postures. However, when focusing on the benefits of Self-Powered Wearable Keyboards for applications extending beyond the original test environment, cyber security was not highlighted as one of its most competitive qualities compared to others, such as low cost and high accuracy [25].

3.1.3. Machine Learning for Intrusion Detection

Machine learning and its subsets were often applied within the scope of recent novel cyber security research to address research challenges associated with Intrusion Detection. Intrusion detection research within the context of cyber–physical systems has also been a focus of the recent literature, highlighting how system connectedness with cellular technologies, such as 5G, potentially exacerbates cyber security threats and underscores the need to defend this terrain [26]. The authors focus on detections of Distributed Denial-of-Service (DDoS) attacks in particular, utilizing a deep convolutional neural network and current network data to enable accurate and timely attack identification [26]. Another study investigated DDoS detection using Recurrent Neural Networks (RNNs), which yielded accuracies to different attack scenarios at above 99% [27]. Whilst focused on the DDoS research area, there may be potential to cross-apply these methods to other attack categories, such as phishing.
Machine learning was also identified at the leading edge of intrusion detection research for cyber security. Deep belief network (DBN) models were tested within healthcare CPS environments in order to identify potential attacks towards the system [19]. Injadat et al. developed a novel multi-stage optimized machine learning framework in order to address complexity challenges within existing research whilst retaining intrusion detection accuracy [28]. This work highlights opportunities that could improve the optimization of intrusion detection machine learning applications, with future work in this space having the ability to focus on the investigation of models that can handle nonlinear and high-dimensional datasets, in addition to those that contain a combination of supervised and unsupervised machine learning techniques [28].
Challenges to existing machine learning applications for intrusion detection are discussed in the work of Bagui and Li, where they explore solutions for rebalancing and resampling machine learning datasets to recognize cyber-attack events better [29]. This research highlights the potential bias that machine learning datasets can introduce into accurate intrusion detection applications, as well as the processing and cost compromises associated with resampling and rebalancing this data. In another study, this problem set was addressed through the lens of energy theft as a cyber-attack in smart meter infrastructure [30]. The use of ensemble machine learning models was suggested to reduce variance and bias by leveraging meta-algorithms, with the best performing utilizing bootstrap aggregation methods being used to improve accuracy and bias–variance trade-offs [30].
From the perspective of identified attacker techniques, malware detection was also highlighted within the recent novel literature as a field of note. In this case, deep learning was identified as a potential model of use, offering additional fidelity compared to existing traditional static and dynamic analysis methods for malware identification [31]. Whilst this study focuses on the oil supply chain case study in particular, its findings have the potential to influence a wide variety of industrial applications.
The level of trust in machine learning algorithms was also discussed in the most recent novel literature. Mahbooba et al. [32] discussed in their research the need for ‘Explainable AI’ models that are readable by experts so that data evidence can be cognitively understood and therefore trusted. Such models have the potential to assist experts in identifying influence factors within machine learning models and thus enhance trust in the decisions made [32]. The identified limitations of this work include the overfitting of algorithms due to noise capture in datasets, especially when training data differs substantially from test data, and the prediction performance impact associated with the number of levels in decision trees [32].

3.1.4. Datasets and Models

Dataset design was a recent research area in the novel literature that aimed to provide heterogeneous data for research validation. A need for a dataset that enables intrusion detection was highlighted as a research need in the context of complex cyber threat scenarios where data is sourced from real-world IoT networks [33]. In such cases, an IoT distributed architecture can be utilized to evaluate the security applications of AI, thereby enhancing the security posture.
The classification of the data generated by IoT devices was also an area of interest in the recent novel literature. One study focused on classifying IoT network traffic through the utilization of machine learning and logistic regression methodologies in particular, in order to differentiate between conventional and IoT devices on home networks [34]. The consequences of such research have the potential to expand into other fields, such as industrial applications.
Threat modeling from a CPS perspective was also investigated within the recent novel literature. Zografopoulos et al. released a study containing a cyber security framework for CPS, focusing on developing a model for analyzing attack scenarios [35]. Whilst explicitly focused on the energy sector, such studies have the potential to influence a wide variety of scenarios, assuming that the model developed has enough breadth to be cross-applicable within different contexts. This is something that may require further investigation and evaluation.

3.1.5. Outliers

There was one outlier study that addressed cyber security awareness from a human perspective, and thus represented a divergence from the main research themes. In Zwiling et al.’s work, the awareness, knowledge, and behavior of individuals was studied across four countries in order to highlight cyber security literacy [36]. One of the key findings from this study was that whilst internet users have an adequate awareness of cyber threats, they apply simple and minimal protections in their online behavior; lessons were identified for future education, focused on increasing knowledge of cyber-attacks, cultivating responsible cyber risk attitudes, reducing the human risk factors in cyber-attacks, and developing best practices in relation to cyber security within organizations [36]. The work also highlighted the dependency that society has on internet connectivity and mobile devices, which subsequently elevates the risk of cyber-attacks, highlighting the need for future work that increases the skillsets of users to resist victimization [36].

3.2. Cyber–Physical Systems

The novel contribution distribution for the CPS research is summarized in Figure 3, where link strength indicates the number of citations for that particular area of novelty. Some papers had novelty dispersed throughout several research areas. This model outlines both the foundational and emerging trends in CPS research invested in over the last few years, including areas of specific interest to the academic community.

3.2.1. Simulation and Modeling

Simulating and modeling cyber–physical systems was one significant component of the most recent novel CPS research. This area was divided into two primary focus areas, with these being digital twin applications, and standards and realism considerations. Of note, much of the literature within this section focused on Industry 4.0 applications, such as manufacturing and agriculture. This poses a significant research niche, but also brings forth questions regarding the wider CPS cross-applicability of findings. Additional questions are also posed by the significant focus on digital twins for simulation purposes, with research challenges identified regarding the accuracy of twin architecture and flexibility in the scope of their design.
Digital twins were the primary form of simulation identified within novel research for CPS. One application of digital twin-based manufacturing is system design platforms utilizing emerging architectures such as configuration design, motion planning, control development, and optimization decoupling (CMCO) [37]. Such systems present novelty in their work through the integration of hardware-in-the-loop simulation, in order to reduce errors, increase efficiency, and verify execution [37].
Use cases such as mass-individualization as part of Industry 4.0 were identified as drivers for digital twin optimization to maximize efficiency of product-service systems; however, it is noted that robustness is required in such models in order to address unpredictable behaviors such as physical disturbances [38]. In a different study, digital twins were applied to a CPS manufacturing context and compared to conventional assembly process design methods [39]. The benefits of this application of digital twins included the streamlining of assembly processes whilst maintaining flexibility and reducing costs [39].
Much of the novel recent CPS literature that focused on digital twins considered them primarily within a manufacturing or Industry 4.0 context. Whilst a significant area of research, this literature focus on one use case reveals potential opportunities for digital twin cross-application outside of the manufacturing context, which may pose new challenges and design evolutions for CPS modeling.
Applications of digital twins bring forth further challenges regarding the accuracy of digital twin models, especially in regards to the granularity of behavior and quality of replication, and challenges regarding data scalability and resource processing [39]. Modeling digital twins so that they are valid and useful within CPS environments is subsequently of the utmost importance, with some research focusing on developing virtual modeling methods to enable effective digital twin development [40].
The value of a digital twin model relies on the degree of similarity between the digital twin itself, and its real-world subject, with inaccurate models potentially influencing the accuracy of CPS simulations and outcomes. This is an area where future work is required, especially when conceptualized within predictive simulation contexts where future states can only be evaluated against their real-world events, assuming that those events occur. One technique discussed within the literature addressed this simulation accuracy challenge through the development of a modeling approach that included geometric, physical, behavioral, rule-based, and data-based dimensionalities [41].
Additionally, building robustness and resilience to digital twins is imperative as systems become potentially more complex and unpredictable, as they need to be flexible enough to adapt to varying system states and potentially emergent behaviors. Data mining is also identified as a potential future area of work, where hidden relationships in CPS data can be used to inform more accurate digital twin models [41] Building frameworks is an additional area of CPS that assists in modeling how systems operate. One study discusses the novelty of including the socio-technical components of a CPS in its larger system state, and highlights how this relates to digital transformation in agriculture [42]. Within the simulation space, this also extends to identified needs for modeling standards for entities such as digital twins and unifying these with existing specifications within the literature [40].
The value of a simulation or model in its applicability to a real-world scenario is heavily influenced by its ability to accurately replicate that scenario. Agents within simulations need to have attributes and functions that represent their real-world counterparts so that the predictability of such models reflects reality. Linking to this concept, simulation robustness is an identified area of future work, requiring models to have a degree of flexibility when simulating complex systems with potentially unpredictable events. As CPS become increasingly complex and integrated into systems-of-systems, the requirement for simulations such as digital twins to accurately reflect their behavior in these environments is essential for model validation.

3.2.2. Cyber Security of CPS

The security of CPS is another topic regularly discussed within the most recent novel literature. In particular, the cyber security concepts of privacy and resilience were of primary concerns across studies, highlighting the current research focus.
Healthcare is one such domain, where information privacy needs to be maintained, but also needs to be practically searchable with appropriate access quality [43]. Blockchain combined with Attribute-Based Searchable Encryption is one solution proposed to combat challenges associated with resource processing and centralization for healthcare CPS [43]. However, future work considerations highlight the need for further research into healthcare blockchain reward mechanisms to enable investment, in addition to the personalization of the blockchain to meet healthcare specific requirements, such as user revocation [43].
One study utilized blockchain as part of their healthcare CPS in order to assist in the transmission of secure data [19]. In an additional study, a blockchain-based framework was used to secure the Internet of Medical Things (IoMT), through decentralizing electronic health records, leveraging smart contracts, and applying anonymity and cryptographic algorithms [44]. The research aims to overcome extant challenges related to cloud computing and the standardization of security solutions; however, it highlights the need for future work to focus on quality of service and real-time capabilities [44].
Securing the Internet of Medical Things (IoMT) is a topic related to CPS for healthcare, where sensors within medical facilities exchange sensitive information, and thus may be a vector for attack [45]. One study proposed the use of authentication and key establishment which leverages Physical Unclonable Functions (PUF) in order to verify the legitimacy of connecting nodes [45]. Privacy considerations for CPS tend to be focused on healthcare and medical applications. Systems within these fields must handle and process data that is of a sensitive personal nature; however, they are not the only scenarios with this requirement. There is potential that the findings from these privacy papers may have cross-applicability to other CPS that manage personal sensitive data, such as electronic voting. Further research into this area may identify novel applications of existing research to new CPS problem sets.
Building resilience into CPS networks is also a key cyber security concern highlighted within the recent novel literature. Sensor fault diagnosis in Wireless Sensor Network applications was identified as a priority due to the potential devastating implications of a CPS failure to both the cyber and physical components of the world [46]. Leveraging techniques such as Extremely Randomized Trees provided opportunities for machine learning algorithms to identify and diagnose faults; however, robustness testing across large numbers of sensors and faults was identified for future work [46]. Distributed resilient control for microgrids is investigated in the literature as one pathway to enable the restoration of services, equitable power sharing, and state of charge balancing, especially in environments that have the potential to exacerbate unreliable conditions and faults [47]. Additional protection from cyber-attacks is considered within the recent novel literature through the lens of Intelligent Transport Systems, where potential attack vectors such as spoofing, message falsification, Denial-of-Service, and burst transmissions are countered through cooperative adaptive control measures and distributed mitigation mechanisms [48].
These papers identify methods to assist in increasing resilience within CPS. However, they represent only a defined subset of potential obstacles, attacks or processing challenges that a CPS may face. There is therefore a need to invest in CPS research that integrates resiliency measures that can manage heterogenous stimuli and scenarios. Such research would be of immense value in complex systems-of-systems, where emergent behaviors may affect networks unpredictably.

3.2.3. Cyber Defense

Building effective defensive measures against cyber-attacks was also a key theme within the novel CPS literature. There was a focus on research into CPS intrusion detection, and to counter certain attacker techniques. This area of CPS research included some machine learning implementations; however, it also identified challenges to these machine learning approaches to enable CPS defense.
The introduction of federated deep learning is a key research step towards intrusion detection in Industrial CPS [49]. This challenge is exacerbated by the need to preserve privacy within such systems [49]. Intrusion detection is also applied to other CPS subsets, such as in healthcare, where deep belief network models are utilized to identify potential attacks against the system [19].
Novel studies regarding trustworthiness within Industrial CPS rely on the optimization of defense resources utilizing machine learning-enhanced evaluation frameworks [50]. This has flow-on effects to response metrics and risk prevention, with further research opportunities in relation to human integrity problems [50].
Intrusion detection learning through a Siamese convolutional neural network is another research area identified as novel, with such a model improving detection metrics and false alarm rates [51]. Additional benefits through few-shot learning are of particular value to this research, potentially enabling the network to identify anomalies relatively early in the leaning process compared to a standard neural network, which presents value in an evolving cyber threat context [51]. Few-shot learning presents research opportunities that extend beyond specific case studies and show usefulness in a variety of learning scenarios. In complex CPS where temporal and feedback components may induce unpredictability, research into few-shot algorithms has the potential to provide further robustness to detections.
Within the recent novel literature, vulnerabilities to CPS discussed included solutions to prevent false data injection (FDI) attacks within nonlinear semi-Markovian switching CPS [52]. In a 5G context, research into Distributed Denial-of-Service (DDoS) attacks is addressed through the processing of real-time data through volutional neural networks to enable early detection [26]. Such studies bring forth questions regarding cross-applicability to other CPS outside of the mobile telephone subset. Specific attack technique discussions were not a major theme within the research; however, they highlight concerns relating to the current threat landscape.

3.2.4. Applications to Meet Field-Specific Niches

Another subset of the most novel recent literature focused on using CPS research to meet challenges unique to specific niches or fields. Unlike the other research, which applied CPS concepts to use cases, these papers specifically focused on issues related to their fields, with CPSS research being applied to address those issues. The field-specific niches identified in the literature included health diagnostics, plastic production, and prefabricated housing.
In the field of CPS for healthcare, technologies such as residual networks have been utilized for data classification for diseases, providing practitioners with decision support and leveraging existing data that exists on distributed nodes and cloud servers [19].
CPS was also identified as a key driver for sustainable development in the context of Brazil’s plastic industry [53]. The study identified that CPS technologies assisted in increasing safety, reducing manufacturing costs, saving energy, predicting production performance, providing new opportunities for optimization of resources, and reducing pollutants [53,54,55,56,57,58].
Within the prefabricated housing industry, one novel study leveraged CPS in order address sustainability improvement challenges for prefabricated house construction use cases, such as stakeholder interoperability, resource traceability real-time data visibility, and security [59]. In this context, technologies such as the IoT and blockchain were utilized to improve the construction of these dwellings, with the potential for future applicability to wider supply chain case studies.
While these studies provide novel insight into case-specific issues of unique domains, their application across larger research is potentially limited by scenario constraints and scope. Finding research gaps within this literature theme would be better suited to additional literature searches and reviews that focus on each specific scenario in isolation.

4. Discussions

4.1. Future Research Directions

As outlined in this paper, the majority of novel contributions to the literature surrounding cyber security over the last three years can be categorized into one of four primary research fields. These are broadly considered as cybercrime, data security, machine learning for intrusion detection, and datasets and models. Conversely, most novel contributions to the literature surrounding CPS over the last three years can be broadly categorized into one of four research fields; simulation and modeling, cyber security, cyber defense, and applications to meet field specific niches.
Through this review, several research gaps and opportunities were identified and synthesized relating to cyber security and cyber–physical systems. Through the cyber security lens, these relate to human–cyber dynamics, the need to decouple intent from threat, and vulnerability in machine learning. From a CPS perspective, these relate to robustness in CPS design, limited case diversity, and consideration of human factors. Together the research gaps in these two areas form an opportunity for future novel research design at the intersection of cyber security and cyber–physical systems.
Recent novel research often focused exclusively on technological advancements to cyber security such as blockchain, machine learning, and encryption, rather than considering a system-of-systems approach where humans play a pivotal role in the cyber security of those systems. Whilst there was limited discussion of the role of people in cyber security, one study highlighted how the embedded nature of the internet and mobile devices has the potential to increase the risk of cyber-attacks [36]. The concept of cyber–social relationships were also discussed in the recent novel literature, relating to attitudes surrounding cybercrime reporting [18].
Only one reviewed study addressed the role that people’s attitudes and behaviors play in influencing cyber security behaviors [36]. This was an outlier within the cyber security literature, where most studies focused on technology-centric solutions to security problems. Values regarding cyber security are often linked to human requirements within the system design process, such as the CIA triad of confidentiality, availability, and integrity [60,61]. Without people considered within the system, these concepts can degrade in value. For example, the importance of confidentiality of medical data is lowered if there are no providers interacting with the system. Subsequently, building systems with cyber security in mind also implies the need to build systems with humans in mind. This is contrasted to the most recent novel literature surveyed, which focused primarily on a range of technological challenges relating to cyber security. Whilst these developments are essential, ignoring the role that people play has the potential to leave security vulnerabilities open that cannot be exclusively addressed by technological solutions.
A common theme within the recent novel research of cyber security was that of intentional cyber threats. Research focused on things such as cybercrime, intrusion detection, and privacy. These focal areas rely on an interpretation of threat as being intentional by another entity within the system, such as a person accessing data they are not authorized to or breaching a system’s defenses. This leaves a potential research gap regarding unintentional threats to cyber security. These may come from human origins, such as ignorance as shown in Zwilling et al.’s research, or from cyber sources, such as the input of unexpected data structures from sensor or the data rates that exceed processing resources [36]. Within this problem set, there is also a potential research area that could look at how complex system behaviors in cyber systems, such as normalized deviance from baselines due to nonlinearity or event emergence, may have unintentional security outcomes.
Ultimately, considering intentional threats as the only challenges within the field of cyber security leaves a variety of unintentional threats not addressed. From human unintentional actions to software misconfiguration and errors, threats to the cyber security of a system are not always premeditated. When a system such as a power grid goes offline, the business impact of that activity is significant, regardless of whether the root cause was a willful cyber intrusion or an accidental software bug. Subsequently, there is a potential research gap addressing the full spectrum of threats to systems, including unintentional ones, to improve overall system cyber resilience.
Many studies in the recent novel cyber security literature introduced machine learning implementations to solve challenges within the space. However, few of these studies comprehensively addressed how the nature of machine learning training data may affect cyber security outcomes, nor how traditional machine learning algorithms can be challenged by novel inputs and data structures. This is sometimes referred to as “Generalization”, where the algorithm must handle new data scenarios outside of its original scope [62].
Within the scope of cyber security, intrusion detection was one of the primary research areas that utilized machine learning algorithms as a mechanism for identifying and countering cyber-attacks. Intrusion detection that relies on machine learning, however, has the potential to be influenced by training data and algorithm design, and thus such considerations must be considered [63]. Additionally, questions need to be posed regarding the accuracy of intrusion detection mechanisms utilizing machine learning when posed against unique or unseen vulnerability exploitations, such as zero day exploits. Zero-shot and few-shot algorithms may pose part of the solution to address these needs, but were not covered in detail within the most recent cyber security novel literature, and therefore indicate a potential research gap.
There is a need for machine learning algorithms designed for cyber security implementations to be tested in environments that may have unpredictable data. Such examples include detecting high-tier threat actor techniques such as the employment of zero days, in addition to complex architecture environments. Cyber security is an arms race between those who wish to breach cyber defenses, and those who wish to strengthen them. Subsequently, there is a research imperative to evaluate security solutions, such as machine learning, against novel scenarios to truly test their robustness and to ensure that they are fit for purpose.
Robustness within the novel literature is a theme discussed throughout the research topics. From a modeling and simulation perspective, a need for robustness is identified through the accuracy of models such as digital twins, in addition to the model flexibility and resiliency when faced with unpredictable or complex behaviors. Without such robustness, the value of simulations is significantly lessened, especially in scenarios that involve CPS intraconnectedness with other systems. This is consequently a research need warranting more analysis.
Few-shot algorithm applications to intrusion detection scenarios are an opportunity to improve the robustness of complex CPS. There was limited recent novel research in this area, but as CPS become larger and more integrated in a system-of-systems landscape, features of complexity such as nonlinearity and emergence may reduce the accuracy of traditional machine learning models. Subsequently, leveraging emerging research into few-shot and one-shot algorithms that can make accurate predictions on limited training data is a research area that will increase in value as CPS evolve within the modern integrated environment.
From a cyber security perspective, recent novel literature often discussed the need to build resilience within CPS networks. However, this research tended to focus on specific cyber security case studies, rather than building robustness across a wide set of CPS scenarios, such as power sharing, load balancing, and cyber-attacks. Within a modern context, a CPS can exist within a system-of-systems hierarchy, and subsequently may be influenced by unpredictable factors and event interactions at subsystem boundaries. There is therefore a need to consider CPS within this wider context to more accurately understand the impact that different system links can have on internal system resilience.
A significant portion of the CPS literature focused on industrial or medical applications of CPS. Most medical papers focused on privacy as a cyber security challenge, whereas industrial applications were seen across all of the research themes. Much of the novel research into these fields focuses on Industrial CPS, instead of wider CPS as a whole. This has the potential to overlook more broad, holistic securitization and attack detection challenges that may manifest in the full variety of CPS available. It is noted that healthcare is a significant area of CPS novel research; however, there was limited research into attack detection techniques within this CPS sub-field, indicating a potential research gap.
Digital twin research was primarily limited to a manufacturing or Industry 4.0 context, without considering digital twin modeling in other scenarios. Within the theme of attack detection, approximately three-quarters of papers were focused on Industrial CPS. These two primary case studies of industrial and medical applications indicate a significant research focus into these two fields. Whilst immensely valuable research, this does not prepare CPS research for applications into diverse, complex scenarios within system-of-system approaches. There is therefore a need to address some of these common CPS research questions in broader applications, which may provide new novel insights.
There was some consideration of human factors throughout the CPS research topics. However, the inclusion and consideration of these factors was mostly dependent on specific case studies and problem sets. From a cyber security perspective, privacy was a theme within the recent novel literature. However, research to address its concerns within CPS primarily focused on technological solutions such as encryption and blockchain. Whilst these avenues provide an opportunity to improve privacy within CPS, they seek to address a human challenge with a purely technological solution. Of note, privacy and confidentiality are cyber security considerations that are relatively unique because they address human needs within the system. This is in contrast with concepts such as trust, availability, and integrity, which tend to be valued because they primarily exist to enable correct system functionality, followed secondarily by the human consequences they bear. Privacy exists primarily to meet a human need first, with its implementation within the system existing to meet that need.
Subsequently, there is a need for CPS privacy research that addresses holistic system-of-systems approaches to drive increased cyber security—such as leveraging social, governance, and technical components together—to achieve a layered approach to privacy assurance. In this way, purely technological mitigations such as cryptography and blockchain can be applied to a wider context, where influences on the system are perceived through more than just technical sensors. Because there was limited focus on both exploring and intergrating the human contributions to effective cyber security, there were potential privacy considerations that were not addressed in the most recent novel literature.
There was some consideration of socio-technical components of CPS; however, these were limited in scope and applied to specific case studies such as agriculture. There was limited cohesion between social dynamics within the CPS novel literature in general, and it tended to be applied within certain contextual or traditional cyber security silos instead of being a wider consideration within the CPS construct.
Ultimately, based on the conducted literature review, it is clear that across both the cyber security and CPS research landscape, there is a significant research gap in terms of considering the role that social factors play in the robustness of systems. This has flow-on effects into how cyber resilience efforts can be conceived, planned for, and executed, especially within the context of mission assurance priorities. The new field of Complex Cyber–Physical–Social Systems poses a research opportunity through which to frame this problem set. There is a need to create a framework through which this resilience can be developed that aligns with the strategic goals of the organization and considers the cognitive risk factors incumbent through the social dimension of C-CPSS. Such a framework would allow for more responsive adaptions to cyber security events and provide a blueprint for mitigation actions to enable systemic enforcing robustness and resilience for the future against potential outages or cyber-attacks.

4.2. The E3R Modeling Paradigm: Towards Responsible Resilience in C-CPSS

As cyber systems increasingly intertwine with physical infrastructure and social behaviors, the limitations of traditional cyber–physical systems (CPS) frameworks become increasingly apparent. Existing models primarily focus on technical resilience and control logic, often overlooking the emergent complexity introduced by human actors, dynamic organizational contexts, and ethical dilemmas. This oversight becomes critical as modern infrastructures evolve into Complex Cyber–Physical–Social Systems (C-CPSS)—multi-layered systems where cyber threats are no longer confined to code or components but manifest unpredictably across human, organizational, and environmental dimensions.
In response to this pressing challenge, we introduce the concept of ’responsible resilience’, which we define as the adaptive capability of systems to anticipate, absorb, and recover from cyber risks in ways that are not only technically robust but also ethically transparent, socially responsive, and contextually grounded. Unlike conventional resilience models that focus solely on threat mitigation and system robustness, responsible resilience embeds trust, explainability, and adaptability as foundational properties of socio-technical system defense.
At the core of this contribution is the E3R modeling paradigm, which stands for Emergent, Risk-Relevant Resilience. This paradigm seeks to operationalize responsible resilience by integrating modeling approaches capable of capturing the dynamic interdependencies and feedback loops between the cyber, physical, and social layers of a system. As depicted in Figure 4, E3R is implemented as a cyclic and layered framework that integrates six key components: sensing and observation, ontology-driven context modeling, agent-based simulation, ethical risk reasoning, adaptive decision support, and human-in-the-loop oversight.
The modeling process begins with Observation and Sensing, where real-time data streams from across the cyber, physical, and social layers are captured. This relies on other foundational technologies including the internet of things and the implementation of sensors that can specifically observe social data inputs within the environment [64,65,66,67].
These inputs are translated into formal semantic representations through Ontology-Driven Context Modeling, enabling the system to understand the meaning, relationships, and dynamics embedded in its operating environment. Ontologies serve as a “specification of a conceptualization”, describing concepts in and relationships between elements within a system [68,69]. For this component, lessons can be taken from previous ontologies created for existing CPS research, applied to case studies in safety design, insider threats, cyber forensics, human factors in cyber security, and broader cyber security [70,71,72,73,74,75].
Next, Agent-Based Artificial Intelligence-driven simulation is used to explore how local decisions and external shocks might propagate through the system, revealing emergent vulnerabilities or cascading risks. This is of significant benefit to systems that may exhibit unpredictable behaviors, and utilizing concepts such as digital twins provides an opportunity to more accurately simulate these real-world phenomena [76]. Drawing from the success of agent-based research in the cyber security field, in the simulation of computer network attacks and botnets, cyber-physical production systems, internet of things defense, and CPS supply chain emergence, applying agents to C-CPSS poses a significant opportunity to analyze consequence dynamics [77,78,79,80,81].
Critically, the simulation output is not simply used to rank threats, but is instead passed through an Ethical Reasoning and Risk Inference module. This layer ensures that decisions are evaluated against transparency, accountability, and fairness metrics, reflecting human values in machine reasoning. Within CPSS, this is essential as social semantics are a key input into the system, and ethical considerations must be made throughout the information transformation process [82,83].
Based on this analysis, the system generates Adaptive Decision Support—real-time recommendations for operational or strategic mitigation. The adaptivity feature of this component is extremely important due to the nonlinear nature of these C-CPSS. A recommendation given the same input parameters may be different due to complexity and sensitivity to initial conditions, and the decision support system must have the capacity and flexibility to accurately reflect that shift. This makes traditional Markov Decision Processes and Reinforcement Learning difficult because the environment in which the decision is tested is constantly changing over time, and thus warrants learning in either non-stationary Markov decision processes or alternative few-shot learning approaches for decision support algorithms [84,85,86,87,88].
These outputs are then reviewed through Human-in-the-Loop mechanisms, ensuring that human actors retain control, correct biases, and provide critical oversight. This increases the level of trust embedded within the system [89,90,91]. Feedback from human decisions is looped back into the sensing layer, thus completing the cycle and enabling continuous system learning.
E3R is a modular, agile model that is itself a system-of-systems. Each component of the loop can be individually modified, tested, and validated, allowing for continuous improvement and growth based on changing environmental factors [92]. This cyclical and reflexive structure sets E3R apart from linear or technocentric models of CPS defense. It enables a shift from reactive robustness to anticipatory adaptability, providing a principled basis for modeling resilience as an emergent property shaped by socio-technical interactions. In doing so, E3R offers a transformative lens for mission assurance in C-CPSS environments, particularly in domains such as critical infrastructure, smart cities, and autonomous systems where traditional risk models fail to capture the depth of social entanglement and ethical responsibility.

4.3. Comparative Analysis of E3R Model

This section seeks to compare and contrast the E3R model against traditional risk and resilience paradigms. A summary of the frameworks investigated is shown in Table 1.
The ’Social Dimension’ criteria refers to whether the study specifically addressed any social factors in their development of risk metrics. These had to consider the actions and behaviors of people as individual agents within the larger system. The ’Emergence’ criteria refers to whether the risk model had any flexibility or consideration for emergent phenomena or events that could occur outside the typical risk boundaries of the models presented. The ’Resilience’ criteria addresses whether the model specifically attempted to develop outcomes, decisions or recommendations for mitigation based on the risk statements developed, providing actionable data for cyber security practitioners to apply. The ’Dynamic Adaptive Systems’ criteria refers to whether the model was intentionally built to work flexibly with fluctuating systems with changing input parameters that are representative of modern complex systems. The ’Feedback Loops’ criteria specifies whether the model had any mechanisms for outputs of information to form inputs back into the modeling process. Finally, the ’Asset Mission Value’ criteria refers to whether the model linked the criticality of cyber assets with their organizational priority, either directly or indirectly as part of a mission assurance framework.
One of the standards for risk management in this space comes from ISO 31000:2018, particularly the risk management process defined within clause 6 [93,94]. In this process, the context is established, the risk is assessed, and the risk is treated, whilst concurrently a communication and consultation and a monitoring and review process occur [94]. This thematically builds the baseline from which many future cyber risk models are derived from.
Vulnerabilities was one major theme of focus in the literature of risk modeling. One model discussed in the literature utilized a Bayesian approach to identify the effect that vulnerabilities and mitigations had on overall architecture risk [95]. Another model using Fuzzy Inference focused on the four risk factors, those being vulnerability, threat, likelihood, and impact, to determine risk to a system [96]. A time-to-compromise model for cyber risk reduction was described in the context of Supervisory Control and Data Acquisition (SCADA) environments, where potential attacker paths are mapped through a target system [97]. A cloud provider cyber risk model (CSCCRA) is also described in the literature as a framework to determine risk value via supplier security assessments, supply chain mapping, cyber risk listing, and quantitative risk analysis [101].
The CRAM framework takes an insurance approach to this risk equation, focusing on the impact of loss and the premium of coverage based on attack severity, security investment, and probability of attack [99]. This is the opposite of applying a mitigation or resilience-based approach from a mission assurance context, as risk trade-offs are favored over mission outcomes.
Two studies identified specifically considered how cyber assets affected mission value within their risk models. A three phase assessment methodology was presented for distributed information systems, which includes a threat assessment, asset valuation and vulnerability assessment, in which the asset valuation specifically delineated the functional value of cyber infrastructures based on purpose within the organization [98]. Within the maritime cyber environment, the Maritime Cyber-Risk Assessment (MaCRA) model for risk assessment characterizes cyber risks and then identifies systems that would benefit most from additional security protection and inform human decision support [100]. One of MaCRA’s strengths was its ability to map the effects of a cyber-attack through the system and subsequent maritime technology connected to it, creating valuable system-of-system risk insight [100].
Most of the models examined considered the vulnerabilities inherent within systems as part of their risk analysis, with some making decision support recommendations for building more resilient infrastructure at critical nodes. A few studies considered the mission value that assets provided, but this was not scoped within the context of mission assurance, and the process of defining and prioritizing wider organizational objectives was not defined. No models in the literature specifically implemented methods to deal with the features of complex adaptive systems, although some did have the capacity to take feedback loops in their risk analysis to inform risk change over time. No existimg models addressed the social dimensions of risk or were built to be adaptive to emergent phenomena. This highlights the strength of the new proposed E3R model, where each module is designed with dynamic feedback loops in mind to be responsive to emergent events and information. The model is build to include the cyber, physical, and social aspects of risk modeling, and prioritizes systemic resilience in the context of mission assurance priorities. Based on the current scope of cyber risk modeling literature, this is a novel approach to building resilient cyber architecture.

4.4. Case Studies Applying E3R

This section applies the E3R modeling paradigm to an Intelligent Transport System case study to demonstrate how the model assists in mission assurance scenarios where organizational priorities may shift and anticipatory adaptive scenarios must be considered.
In this case study, an Intelligent Transport System (ITS) is introduced to the scenario as a form of C-CPSS. The ITS consists of a series of internet of things (IoT)-connected devices that collect road- and transport-related data and transfer this through database and cloud structures into application platforms, which are used to manage transport infrastructure [102,103,104]. Hazards, event logs, traffic flow information, GPS data, and weather are all examples of inputs that devices within the ITS may collect and process. People also constitute key social nodes within ITS C-CPSS, with their conduct influencing vehicle behaviors, worksite patterns, and pedestrian activity.
The E3R model will be applied to the ITS case study through two scenarios. The first will be a ’business as usual’ (BAU) scenario where system patterns are reflective of a typical 24 h ITS cycle. The second will be a scenario reflective of emergent phenomena, in which a major vehicle collision occurs on one of the artery highways within the ITS. Through the use of these two scenarios, the adaptive value of the E3R model will be demonstrated, particularly its strength within unpredictable complex environments such as those categorized by C-CPSS that require the application of responsible resilience principles.
In the first stage of ’Observing and Sensing’, real-time data from IoT devices in the ITS are collected [104]. A copy of this data is then sent into an ontology-driven context model. This model analyzes the inputs to develop a representation of the ecology of the ITS, including the dynamics between different C-CPSS nodes. For the first scenario, this would ontology would be reflective of the typical node activity experienced within the system within a 24-h time frame, such as traffic light activity, adaptive speed limit signs, and street lighting control. For the second scenario, the ontology would include data specifically relating to the vehicle collision and the flow-on relationships that were triggered by that event, such as the initiation of Ambulance and Police services.
From this ontology, an agent-based Artificial Intelligence-driven simulation environment can be used to explore consequences and optimization options. Applying mission assurance principles can change the priority of cyber services within their wider context, and this is seen comparitively between the two scenarios. In the BAU context, the primary outcome of agent-based simulations is to develop strategic long-term courses of action that optimize the ITS for maximum efficiency and effectiveness. These could be through the exploration of business continuity planning procedures, testing traffic light patterns, or experimenting with new road paths. In the second collision scenario, the mission priority is short-term, considering how to reduce the impact of the accident to the wider ITS. Simulations to achieve this could focus on modifying emergency response capabilities, experimenting with adaptive detour routing, and changing speed limits to alter traffic flow. In both scenarios, applying agent-based simulations offers opportunities to understand the consequences of mitigating actions as they are applied to the ITS and how they may differ across various operating scenarios where nonlinearity increases contextual complexity.
Outcomes and lessons learnt from these simulations can then be processed by ethical reasoning and risk inference modules, where they can be evaluated against transparency, accountability, and fairness metrics. This is to ensure that options that may be logically or computationally valid but are ethically unsound are not considered within the decision modules. The standards for this module must be inputted by the decision makers, and will be reflective of the ethics and rulesets applicable to the environment, industry, and context. For the collision scenario, an algorithm optimizing to minimize cost may deem it sound to not deploy emergency services to the vehicle accident, but the reasoning module would flag this as an invalid option and discard it from the pool.
From the options defined, the adaptive decision support module evaluates the recommendations based on the mission assurance priorities. For the first BAU scenario, this may come in the form of recommended road building development plans or changes to traffic light patterns. For the second scenario, this may come in the form of different combinations of deployed emergency service personnel, adaptive rerouting plans, and cleanup considerations. Ultimately, this module prioritizes the recommendations, identifies any potential conflicting recommendations, and sequences them together to form the final course of action.
Finally, the human-in-the-loop oversight component acts to validate the outputs of the model to ensure that recommendations meet the critical mission assurance needs of the ITS within the context of the scenario. In the BAU scenario, a person would be providing critical governance to verify that the course of action recommendation was feasible and realistic considering the ITS environment and to potentially overlay any additional constraints, such as government planning regulations, that may not have been considered. In the collision scenario, the human-in-the-loop perspective ensures that emergency response requirements are being met and that the appropriate agencies are being notified.
The two scenarios within this ITS case study demonstrate the strengths of the E3R model when applied in mission assurance scenarios. The model is adaptive, allowing for the complexities of nonlinear dynamical systems to be considered whilst also incorporating the multi-domain elements of the cyber, physical, and social spheres. Ultimately, the application of the E3R model assists in the development of responsible resilience mechanisms for the target system that extend beyond traditional risk paradigms to encompass predictive, emergent phenomena.

5. Conclusions

The research field of cyber security has grown steadily since the early 2000s. Recent cyber security research includes cyber-attacks, the internet of things, cyber–physical systems, and machine learning. This paper has endeavored to survey the current state of cyber security research, including a focus on the most highly cited literature from the last few years. Significant research gaps have been identified throughout the review, including those related to the human–cyber dynamic, the need to decouple intent from threat, and vulnerability in machine learning.
The research field of cyber–physical systems has grown steadily since 2009, and has maintained its foothold as a significant cyber security application area, primarily due to its unique characteristics and significant potential impact from cyber-attacks. Recent CPS research has been heavily focused on topics including the internet of things, industry 4.0, machine learning, and cyber security. This research has surveyed the current state of CPS research, including a focus on the most highly cited literature from 2021 to 2024. Significant research gaps have been identified throughout the review. There is a need for robust CPS design to better replicate real world systems and build resiliency in the face of heterogeneous influence and emergence. Additionally, recent novel research tends to focus on specific case studies such as medical and industrial applications, without considering diverse CPS scenarios or system-of-systems CPS constructs. There is a need to consider human factors within CPS from beyond just a privacy perspective, including their influence within broader CPS research fields.
Finally, new ways to comprehend and analyze the cyber security effects of CPS that contain social agents are described and discussed through the lens of C-CPSS. There is very limited established literature about C-CPSS; however, much can be drawn from the foundational paradigms of complex systems, CPS, and CPSS. Due to the potential decisiveness of unpredicted emergent behavior, there is a potential for future research into the cyber security consequences posed by these complex systems, utilizing elements of existing modeling techniques such as causal loops, agent-based simulations, and ontologies. Such research would not only contribute to a more comprehensive understanding of these multi-domain dynamics, but have the potential to influence novel research into building cyber resilience against emergent phenomena to contribute to mission assurance ventures.
Investment into these research gaps provides an opportunity for the further development of C-CPSS applications. These applications have the potential to benefit a myriad of cyber domain environments, ranging from smart cities to governance and finance. Priority missions exist across society, with critical infrastructure and services requiring resilient cyber architecture that can survive emergent disruptive events. The C-CPSS paradigm offers an opportunity for novel research to build that resilience against emergent phenomena, potentially improving the cyber security of critical systems used every day within society.
This work presents the novel E3R Paradigm for responsible resilience in C-CPSS. It defines the key components of applying the model to these complex adaptive systems and the advantages that set it apart from traditional technocentric models for cyber–physical system security. The E3R Paradigm poses exciting opportunities for applications in mission assurance scenarios where organizational priorities can shift based on emergent environmental phenomena and where social inputs must be considered as part of anticipatory adaptive scenarios.

Author Contributions

Conceptualization, T.S., N.M. and B.T.; methodology, T.S.; software, T.S.; validation, T.S., N.M. and B.T.; formal analysis, T.S., N.M. and B.T.; investigation, T.S.; resources, T.S.; data curation, T.S.; writing—original draft preparation, T.S.; writing—review and editing, T.S., N.M. and B.T.; visualization, T.S. and N.M.; supervision, B.T. and N.M.; project administration, B.T. and N.M.; funding acquisition, N.M. and B.T. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

The original data presented in the study are openly available in the Scopus Database at https://www.scopus.com/home.uri.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
AIArtificial Intelligence
CPSCyber–Physical System
CPSSCyber–Physical–Social System
C-CPSSComplex Cyber–Physical–Social System

References

  1. Atheeq, C.; Sultana, R.; Sabahath, S.A.; Mohammed, M.A.K. Advancing IoT Cybersecurity: Adaptive threat identification with deep learning in Cyber-physical systems. Eng. Technol. Appl. Sci. Res. 2024, 14, 13559–13566. [Google Scholar] [CrossRef]
  2. Oks, S.J.; Jalowski, M.; Lechner, M.; Mirschberger, S.; Merklein, M.; Vogel-Heuser, B.; Möslein, K.M. Cyber-physical systems in the context of industry 4.0: A review, categorization and outlook. Inf. Syst. Front. 2024, 26, 1731–1772. [Google Scholar] [CrossRef]
  3. Qudus, L. Resilient systems: Building secure cyber-physical infrastructure for critical industries against emerging threats. Int. J. Res. Publ. Rev. 2025, 6, 3330–3346. [Google Scholar] [CrossRef]
  4. Kumar, S.; Bhowmik, B. Emergence, evolution, and applications of cyber-physical systems in smart society. In Proceedings of the 2024 Fourth International Conference on Advances in Electrical, Computing, Communication and Sustainable Technologies (ICAECT), Bhilai, India, 11–12 January 2024; pp. 1–8. [Google Scholar]
  5. Hu, C.L.; Wang, L.; Chen, M.L.; Pei, C. A real-time interactive decision-making and control framework for complex cyber-physical-human systems. Annu. Rev. Control 2024, 57, 100938. [Google Scholar] [CrossRef]
  6. Bandi, A. A Taxonomy of AI techniques for security and privacy in cyber–physical systems. J. Comput. Cogn. Eng. 2024, 3, 98–111. [Google Scholar] [CrossRef]
  7. Calabrò, A.; Cambiaso, E.; Cheminod, M.; Bertolotti, I.C.; Durante, L.; Forestiero, A.; Lombardi, F.; Manco, G.; Marchetti, E.; Orlando, A. A Methodological Approach to Securing Cyber-Physical Systems for Critical Infrastructures. Future Internet 2024, 16, 418. [Google Scholar] [CrossRef]
  8. He, S.; Zhou, Y.; Yang, Y.; Liu, T.; Zhou, Y.; Li, J.; Wu, T.; Guan, X. Cascading Failure in Cyber-Physical Systems: A Review on Failure Modeling and Vulnerability Analysis. IEEE Trans. Cybern. 2024, 54, 7936–7954. [Google Scholar] [CrossRef] [PubMed]
  9. Wang, X.; Zhu, J.; Su, C.; Zhen, X. Cascade failure modeling and resilience analysis of mine cyber physical systems under deliberate attacks. J. Saf. Sci. Resil. 2024, 5, 266–280. [Google Scholar] [CrossRef]
  10. Secretary of the Air Force (Ed.) Air Force Policy Directive 10-24 Mission Assurance; Department of the Air Force: Washington, DC, USA, 2019. [Google Scholar]
  11. Ahmad, M.A.; Baryannis, G.; Hill, R. Defining Complex Adaptive Systems: An Algorithmic Approach. Systems 2024, 12, 45. [Google Scholar] [CrossRef]
  12. Zimmerman, B.; Lindberg, C.; Plsek, P. A Complexity Science Primer: What Is Complexity Science and Why Should I Learn About It; Adapted From: Edgeware: Lessons From Complexity Science for Health Care Leaders; VHA Inc.: Dallas, TX, USA, 1998. [Google Scholar]
  13. Goldman, H.; McQuaid, R.; Picciotto, J. Cyber resilience for mission assurance. In Proceedings of the 2011 IEEE International Conference on Technologies for Homeland Security (HST), Waltham, MA, USA, 15–17 November 2011; pp. 236–241. [Google Scholar]
  14. Hudson Jr, J.F.F. Mission Assurance in Joint All-Domain Command and Control. Air Space Power J. 2021, 35, 18–32. [Google Scholar]
  15. Pereira, C.; Marto, A.; Ribeiro, R.; Gonçalves, A.; Rodrigues, N.; Rabadão, C.; Costa, R.L.d.C.; Santos, L. Security and Privacy in Physical–Digital Environments: Trends and Opportunities. Future Internet 2025, 17, 83. [Google Scholar] [CrossRef]
  16. Phillips, S.C.; Taylor, S.; Boniface, M.; Modafferi, S.; Surridge, M. Automated knowledge-based cybersecurity risk assessment of cyber-physical systems. IEEE Access 2024, 12, 82482–82505. [Google Scholar] [CrossRef]
  17. Lallie, H.S.; Shepherd, L.A.; Nurse, J.R.; Erola, A.; Epiphaniou, G.; Maple, C.; Bellekens, X. Cyber security in the age of COVID-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Comput. Secur. 2021, 105, 102248. [Google Scholar] [CrossRef]
  18. Buil-Gil, D.; Miró-Llinares, F.; Moneva, A.; Kemp, S.; Díaz-Castaño, N. Cybercrime and shifts in opportunities during COVID-19: A preliminary analysis in the UK. Eur. Soc. 2021, 23, S47–S59. [Google Scholar] [CrossRef]
  19. Nguyen, G.N.; Le Viet, N.H.; Elhoseny, M.; Shankar, K.; Gupta, B.; Abd El-Latif, A.A. Secure blockchain enabled Cyber–physical systems in healthcare using deep belief network with ResNet model. J. Parallel Distrib. Comput. 2021, 153, 150–160. [Google Scholar] [CrossRef]
  20. Aslam, J.; Saleem, A.; Khan, N.T.; Kim, Y.B. Factors influencing blockchain adoption in supply chain management practices: A study based on the oil industry. J. Innov. Knowl. 2021, 6, 124–134. [Google Scholar] [CrossRef]
  21. Abd El-Latif, A.A.; Abd-El-Atty, B.; Mehmood, I.; Muhammad, K.; Venegas-Andraca, S.E.; Peng, J. Quantum-inspired blockchain-based cybersecurity: Securing smart edge utilities in IoT-based smart cities. Inf. Process. Manag. 2021, 58, 102549. [Google Scholar] [CrossRef]
  22. Alazab, M.; Alhyari, S.; Awajan, A.; Abdallah, A.B. Blockchain technology in supply chain management: An empirical study of the factors affecting user adoption/acceptance. Clust. Comput. 2021, 24, 83–101. [Google Scholar] [CrossRef]
  23. Latif, S.; Idrees, Z.; Ahmad, J.; Zheng, L.; Zou, Z. A blockchain-based architecture for secure and trustworthy operations in the industrial Internet of Things. J. Ind. Inf. Integr. 2021, 21, 100190. [Google Scholar] [CrossRef]
  24. Li, H.; Yu, K.; Liu, B.; Feng, C.; Qin, Z.; Srivastava, G. An efficient ciphertext-policy weighted attribute-based encryption for the internet of health things. IEEE J. Biomed. Health Inform. 2021, 26, 1949–1960. [Google Scholar] [CrossRef]
  25. Yi, J.; Dong, K.; Shen, S.; Jiang, Y.; Peng, X.; Ye, C.; Wang, Z.L. Fully fabric-based triboelectric nanogenerators as self-powered human–machine interactive keyboards. Nano-Micro Lett. 2021, 13, 1–13. [Google Scholar] [CrossRef] [PubMed]
  26. Hussain, B.; Du, Q.; Sun, B.; Han, Z. Deep learning-based DDoS-attack detection for cyber–physical system over 5G network. IEEE Trans. Ind. Inform. 2020, 17, 860–870. [Google Scholar] [CrossRef]
  27. ur Rehman, S.; Khaliq, M.; Imtiaz, S.I.; Rasool, A.; Shafiq, M.; Javed, A.R.; Jalil, Z.; Bashir, A.K. DIDDOS: An approach for detection and identification of Distributed Denial of Service (DDoS) cyberattacks using Gated Recurrent Units (GRU). Future Gener. Comput. Syst. 2021, 118, 453–466. [Google Scholar] [CrossRef]
  28. Injadat, M.; Moubayed, A.; Nassif, A.B.; Shami, A. Multi-stage optimized machine learning framework for network intrusion detection. IEEE Trans. Netw. Serv. Manag. 2020, 18, 1803–1816. [Google Scholar] [CrossRef]
  29. Bagui, S.; Li, K. Resampling imbalanced data for network intrusion detection datasets. J. Big Data 2021, 8, 1–41. [Google Scholar] [CrossRef]
  30. Gunturi, S.K.; Sarkar, D. Ensemble machine learning models for the detection of energy theft. Electr. Power Syst. Res. 2021, 192, 106904. [Google Scholar] [CrossRef]
  31. Hemalatha, J.; Roseline, S.A.; Geetha, S.; Kadry, S.; Damaševičius, R. An efficient densenet-based deep learning model for malware detection. Entropy 2021, 23, 344. [Google Scholar] [CrossRef] [PubMed]
  32. Mahbooba, B.; Timilsina, M.; Sahal, R.; Serrano, M. Explainable artificial intelligence (XAI) to enhance trust management in intrusion detection systems using decision tree model. Complexity 2021, 2021, 1–11. [Google Scholar] [CrossRef]
  33. Moustafa, N. A new distributed architecture for evaluating AI-based security systems at the edge: Network TON IoT datasets. Sustain. Cities Soc. 2021, 72, 102994. [Google Scholar] [CrossRef]
  34. Cvitić, I.; Peraković, D.; Periša, M.; Gupta, B. Ensemble machine learning approach for classification of IoT devices in smart home. Int. J. Mach. Learn. Cybern. 2021, 12, 3179–3202. [Google Scholar] [CrossRef]
  35. Zografopoulos, I.; Ospina, J.; Liu, X.; Konstantinou, C. Cyber-physical energy systems security: Threat modeling, risk assessment, resources, metrics, and case studies. IEEE Access 2021, 9, 29775–29818. [Google Scholar] [CrossRef]
  36. Zwilling, M.; Klien, G.; Lesjak, D.; Wiechetek, L.; Cetin, F.; Basim, H.N. Cyber security awareness, knowledge and behavior: A comparative study. J. Comput. Inf. Syst. 2022, 62, 82–97. [Google Scholar] [CrossRef]
  37. Liu, Q.; Leng, J.; Yan, D.; Zhang, D.; Wei, L.; Yu, A.; Zhao, R.; Zhang, H.; Chen, X. Digital twin-based designing of the configuration, motion, control, and optimization model of a flow-type smart manufacturing system. J. Manuf. Syst. 2021, 58, 52–64. [Google Scholar] [CrossRef]
  38. Leng, J.; Jiang, P.; Liu, C.; Wang, C. Contextual self-organizing of manufacturing process for mass individualization: A cyber-physical-social system approach. Enterp. Inf. Syst. 2020, 14, 1124–1149. [Google Scholar] [CrossRef]
  39. Yi, Y.; Yan, Y.; Liu, X.; Ni, Z.; Feng, J.; Liu, J. Digital twin-based smart assembly process design and application framework for complex products and its case study. J. Manuf. Syst. 2021, 58, 94–107. [Google Scholar] [CrossRef]
  40. Jiang, H.; Qin, S.; Fu, J.; Zhang, J.; Ding, G. How to model and implement connections between physical and virtual models for digital twin application. J. Manuf. Syst. 2021, 58, 36–51. [Google Scholar] [CrossRef]
  41. Zhuang, C.; Miao, T.; Liu, J.; Xiong, H. The connotation of digital twin, and the construction and application method of shop-floor digital twin. Robot. Comput. Integr. Manuf. 2021, 68, 102075. [Google Scholar] [CrossRef]
  42. Rijswijk, K.; Klerkx, L.; Bacco, M.; Bartolini, F.; Bulten, E.; Debruyne, L.; Dessein, J.; Scotti, I.; Brunori, G. Digital transformation of agriculture and rural areas: A socio-cyber-physical system framework to support responsibilisation. J. Rural Stud. 2021, 85, 79–90. [Google Scholar] [CrossRef]
  43. Mamta; Gupta, B.B.; Li, K.C.; Leung, V.C.M.; Psannis, K.E.; Yamaguchi, S. Blockchain-Assisted Secure Fine-Grained Searchable Encryption for a Cloud-Based Healthcare Cyber-Physical System. IEEE/CAA J. Autom. Sin. 2021, 8, 1877–1890. [Google Scholar] [CrossRef]
  44. Egala, B.S.; Pradhan, A.K.; Badarla, V.; Mohanty, S.P. Fortified-chain: A blockchain-based framework for security and privacy-assured internet of medical things with effective access control. IEEE Internet Things J. 2021, 8, 11717–11731. [Google Scholar] [CrossRef]
  45. Masud, M.; Gaba, G.S.; Alqahtani, S.; Muhammad, G.; Gupta, B.B.; Kumar, P.; Ghoneim, A. A lightweight and robust secure key establishment protocol for internet of medical things in COVID-19 patients care. IEEE Internet Things J. 2020, 8, 15694–15703. [Google Scholar] [CrossRef]
  46. Saeed, U.; Jan, S.U.; Lee, Y.D.; Koo, I. Fault diagnosis based on extremely randomized trees in wireless sensor networks. Reliab. Eng. Syst. Saf. 2021, 205, 107284. [Google Scholar] [CrossRef]
  47. Deng, C.; Wang, Y.; Wen, C.; Xu, Y.; Lin, P. Distributed resilient control for energy storage systems in cyber–physical microgrids. IEEE Trans. Ind. Inform. 2020, 17, 1331–1341. [Google Scholar] [CrossRef]
  48. Petrillo, A.; Pescape, A.; Santini, S. A secure adaptive control for cooperative driving of autonomous connected vehicles in the presence of heterogeneous communication delays and cyberattacks. IEEE Trans. Cybern. 2020, 51, 1134–1149. [Google Scholar] [CrossRef] [PubMed]
  49. Li, B.; Wu, Y.; Song, J.; Lu, R.; Li, T.; Zhao, L. DeepFed: Federated deep learning for intrusion detection in industrial cyber–physical systems. IEEE Trans. Ind. Inform. 2020, 17, 5615–5624. [Google Scholar] [CrossRef]
  50. Lv, Z.; Han, Y.; Singh, A.K.; Manogaran, G.; Lv, H. Trustworthiness in industrial IoT systems based on artificial intelligence. IEEE Trans. Ind. Inform. 2020, 17, 1496–1504. [Google Scholar] [CrossRef]
  51. Zhou, X.; Liang, W.; Shimizu, S.; Ma, J.; Jin, Q. Siamese neural network based few-shot learning for anomaly detection in industrial cyber-physical systems. IEEE Trans. Ind. Inform. 2020, 17, 5790–5798. [Google Scholar] [CrossRef]
  52. Qi, W.; Hou, Y.; Zong, G.; Ahn, C.K. Finite-time event-triggered control for semi-Markovian switching cyber-physical systems with FDI attacks and applications. IEEE Trans. Circuits Syst. I Regul. Pap. 2021, 68, 2665–2674. [Google Scholar] [CrossRef]
  53. Nara, E.O.B.; da Costa, M.B.; Baierle, I.C.; Schaefer, J.L.; Benitez, G.B.; do Santos, L.M.A.L.; Benitez, L.B. Expected impact of industry 4.0 technologies on sustainable development: A study in the context of Brazil’s plastic industry. Sustain. Prod. Consum. 2021, 25, 102–122. [Google Scholar] [CrossRef]
  54. Bonilla, S.H.; Silva, H.R.; Terra da Silva, M.; Franco Gonçalves, R.; Sacomano, J.B. Industry 4.0 and sustainability implications: A scenario-based analysis of the impacts and challenges. Sustainability 2018, 10, 3740. [Google Scholar] [CrossRef]
  55. Fettermann, D.C.; Cavalcante, C.G.S.; Almeida, T.D.d.; Tortorella, G.L. How does Industry 4.0 contribute to operations management? J. Ind. Prod. Eng. 2018, 35, 255–268. [Google Scholar] [CrossRef]
  56. Junior, J.A.G.; Busso, C.M.; Gobbo, S.C.O.; Carreão, H. Making the links among environmental protection, process safety, and industry 4.0. Process. Saf. Environ. Prot. 2018, 117, 372–382. [Google Scholar]
  57. Shin, S.J.; Woo, J.; Rachuri, S. Predictive analytics model for power consumption in manufacturing. Procedia CIRP 2014, 15, 153–158. [Google Scholar] [CrossRef]
  58. Thiede, S. Environmental sustainability of cyber physical production systems. Procedia CIRP 2018, 69, 644–649. [Google Scholar] [CrossRef]
  59. Li, C.Z.; Chen, Z.; Xue, F.; Kong, X.T.R.; Xiao, B.; Lai, X.; Zhao, Y. A blockchain- and IoT-based smart product-service system for the sustainability of prefabricated housing construction. J. Clean. Prod. 2021, 286, 125391. [Google Scholar] [CrossRef]
  60. Edwards, N.; Kiser, S.B.; Haynes, J.B. Answering the Cybersecurity Issues: Confidentiality, Integrity, and Availability. J. Strateg. Innov. Sustain. 2020, 15, 10–14. [Google Scholar]
  61. Nweke, L.O. Using the CIA and AAA models to explain cybersecurity activities. PM World J. 2017, 6, 1–2. [Google Scholar]
  62. Roelofs, R. Measuring Generalization and Overfitting in Machine Learning; University of California: Berkeley, CA, USA, 2019. [Google Scholar]
  63. Mersinas, K.; Sobb, T.; Sample, C.; Bakdash, J.Z.; Ormrod, D. Training Data and Rationality. In Proceedings of the ECIAIR 2019 European Conference on the Impact of Artificial Intelligence and Robotics, Oxford, UK, 31 October–1 November 2019; Academic Conferences and Publishing Limited: London, UK, 2019; p. 225. [Google Scholar]
  64. Huang, C.; Marshall, J.; Wang, D.; Dong, M. Towards reliable social sensing in cyber-physical-social systems. In Proceedings of the 2016 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW), Chicago, IL, USA, 23–27 May 2016; pp. 1796–1802. [Google Scholar]
  65. Mirza, I.B. Intersecting Sensor and Social Media Information Spaces for Comprehensive Situation Awareness. Ph.D. Thesis, School of Science, Computing And Engineering Technologies, Swinburne University of Technology, Melbourne, Australia, 2024. [Google Scholar]
  66. Mirza, I.B.; Georgakopoulos, D.; Yavari, A. Cyber-physical-social awareness platform for comprehensive situation awareness. Sensors 2023, 23, 822. [Google Scholar] [CrossRef]
  67. Revathi, S.; Raja, J.; Mohanraj, M.; Malathi, K.; Mallala, B.; Vidhya, R. Challenges in Cyber Physical Social Systems and Internet of Things. In Proceedings of the 2024 5th International Conference on Smart Electronics and Communication (ICOSEC), Trichy, India, 18–20 September 2024; pp. 409–413. [Google Scholar]
  68. Gruber, T. What is an Ontology? In Encyclopedia of Database Systems; Springer: New York, NY, USA, 2009. [Google Scholar]
  69. Neuhaus, F. What is an Ontology? arXiv 2018, arXiv:1810.09171. [Google Scholar]
  70. Brinson, A.; Robinson, A.; Rogers, M. A cyber forensics ontology: Creating a new approach to studying cyber forensics. Digit. Investig. 2006, 3, 37–43. [Google Scholar] [CrossRef]
  71. Kul, G.; Upadhyaya, S.J. Towards a Cyber Ontology for Insider Threats in the Financial Sector. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. 2015, 6, 64–85. [Google Scholar]
  72. Obrst, L.; Chase, P.; Markeloff, R. Developing an Ontology of the Cyber Security Domain. In Proceedings of the STIDS, Fairfax, VA, USA, 24–25 October 2012; pp. 49–56. [Google Scholar]
  73. Oltramari, A.; Henshel, D.S.; Cains, M.; Hoffman, B. Towards a Human Factors Ontology for Cyber Security. Stids 2015, 2015, 26–33. [Google Scholar]
  74. Syed, Z.; Padia, A.; Finin, T.; Mathews, L.; Joshi, A. UCO: A unified cybersecurity ontology. In Proceedings of the Workshops at the Thirtieth AAAI Conference on Artificial Intelligence, Phoenix, AZ, USA, 12–13 February 2016. [Google Scholar]
  75. Varvarigou, D.; Espes, D.; Bersano, G. Ontology-Based Solution for Handling Safety and Cybersecurity Interdependency in Safety-Critical Systems. In Latest Advances and New Visions of Ontology in Information Science; IntechOpen: London, UK, 2023; Book Section 3. [Google Scholar]
  76. An, L.; Grimm, V.; Sullivan, A.; Turner Ii, B.; Malleson, N.; Heppenstall, A.; Vincenot, C.; Robinson, D.; Ye, X.; Liu, J. Challenges, tasks, and opportunities in modeling agent-based complex systems. Ecol. Model. 2021, 457, 109685. [Google Scholar] [CrossRef]
  77. Bemthuis, R.; Mes, M.; Iacob, M.E.; Havinga, P. Using agent-based simulation for emergent behavior detection in cyber-physical systems. In Proceedings of the 2020 Winter Simulation Conference (WSC), Orlando, FL, USA, 14–18 December 2020; pp. 230–241. [Google Scholar]
  78. Kotenko, I.; Konovalov, A.; Shorov, A. Agent-based modeling and simulation of botnets and botnet defense. In Proceedings of the Conference on Cyber Conflict, Tallinn, Estonia, 29 May–1 June 2018; pp. 21–44. [Google Scholar]
  79. Kotenko, I.; Mankov, E. Agent-Based Modeling and Simulation of Computer Network Attacks. In Proceedings of the Fourth International Workshop on Agent-Based Simulation, Melbourne, Australia, 14 July 2003; Volume 4. [Google Scholar]
  80. Novak, P.; Kadera, P.; Wimmer, M. Agent-based modeling and simulation of hybrid cyber-physical systems. In Proceedings of the 2017 3rd IEEE International Conference on Cybernetics (CYBCONF), Exeter, UK, 21–23 June 2017; pp. 1–8. [Google Scholar]
  81. Rafferty, L. Agent-Based Modeling Framework for Adaptive Cyber Defence of the Internet of Things. Ph.D. Thesis, University of Ontario Institute of Technology (Ontario Tech University), Oshawa, ON, Canada, 2022. [Google Scholar]
  82. Mata, O.; Ponce, P.; McDaniel, T.; Méndez, J.I.; Peffer, T.; Molina, A. Smart city concept based on cyber-physical social systems with hierarchical ethical agents approach. In Proceedings of the International Conference On Human-Computer Interaction, Bari, Italy, 30 August–3 September 2021; pp. 424–437. [Google Scholar]
  83. Ören, T. Security of Cyber-Physical-Social Systems: Impact of Simulation-Based Systems Engineering, Artificial Intelligence, Human Involvement, and Ethics. In Advances in Computing, Informatics, Networking and Cybersecurity: A Book Honoring Professor Mohammad S. Obaidat’s Significant Scientific Contributions; Springer: Berlin/Heidelberg, Germany, 2022; pp. 711–732. [Google Scholar]
  84. Farid, K.; Sakr, N. Few-Shot System Identification for Reinforcement Learning. In Proceedings of the 2021 6th Asia-Pacific Conference on Intelligent Robot Systems (ACIRS), Tokyo, Japan, 16–18 July 2021; pp. 1–7. [Google Scholar]
  85. Luo, B.; Zhang, Y.; Dubey, A.; Mukhopadhyay, A. Act as you learn: Adaptive decision-making in non-stationary markov decision processes. arXiv 2024, arXiv:2401.01841. [Google Scholar]
  86. Sinha, S.; Vaidya, U.; Yeung, E. On few shot learning of dynamical systems: A Koopman operator theoretic approach. arXiv 2021, arXiv:2103.04221. [Google Scholar]
  87. Su, Y.; Zhao, H.; Zheng, Y.; Wang, Y. Few-shot learning with multi-granularity knowledge fusion and decision-making. IEEE Trans. Big Data 2024, 10, 486–497. [Google Scholar] [CrossRef]
  88. Zaman, M.; Eini, R.; Zohrabi, N.; Abdelwahed, S. A Decision Support System for Cyber Physical Systems under Disruptive Events: Smart Building Application. In Proceedings of the 2022 IEEE International Smart Cities Conference (ISC2), Pafos, Cyprus, 26–29 September 2022; pp. 1–7. [Google Scholar]
  89. Aoki, N. The importance of the assurance that “humans are still in the decision loop” for public trust in artificial intelligence: Evidence from an online experiment. Comput. Hum. Behav. 2021, 114, 106572. [Google Scholar] [CrossRef]
  90. Kathiresan, G. Human-in-the-Loop Testing for LLM-Integrated Software: A Quality Engineering Framework for Trust and Safety. Authorea Prepr. 2025. [Google Scholar]
  91. Ghai, B.; Mueller, K. D-bias: A causality-based human-in-the-loop system for tackling algorithmic bias. IEEE Trans. Vis. Comput. Graph. 2022, 29, 473–482. [Google Scholar] [CrossRef]
  92. Gannon, J.D.; Hamlet, R.G.; Mills, H.D. Theory of modules. IEEE Trans. Softw. Eng. 1987, SE-13, 820–829. [Google Scholar] [CrossRef]
  93. Field, A. Risk Management and ISO 31000: A Pocket Guide; IT Governance Publishing: Ely, UK, 2023. [Google Scholar]
  94. Purdy, G. ISO 31000: 2009—setting a new standard for risk management. Risk Anal. Int. J. 2010, 30, 881–886. [Google Scholar] [CrossRef]
  95. Shin, J.; Son, H.; Heo, G. Development of a cyber security risk model using Bayesian networks. Reliab. Eng. Syst. Saf. 2015, 134, 208–217. [Google Scholar] [CrossRef]
  96. Alali, M.; Almogren, A.; Hassan, M.M.; Rassan, I.A.; Bhuiyan, M.Z.A. Improving risk assessment model of cyber security using fuzzy logic inference system. Comput. Secur. 2018, 74, 323–339. [Google Scholar] [CrossRef]
  97. McQueen, M.A.; Boyer, W.F.; Flynn, M.A.; Beitel, G.A. Time-to-compromise model for cyber risk reduction estimation. In Proceedings of the Quality of Protection: Security Measurements and Metrics; Springer: Idaho Falls, ID, USA, 2006; pp. 49–64. [Google Scholar]
  98. Palko, D.; Babenko, T.; Bigdan, A.; Kiktev, N.; Hutsol, T.; Kuboń, M.; Hnatiienko, H.; Tabor, S.; Gorbovy, O.; Borusiewicz, A. Cyber security risk modeling in distributed information systems. Appl. Sci. 2023, 13, 2393. [Google Scholar] [CrossRef]
  99. Mukhopadhyay, A.; Chatterjee, S.; Bagchi, K.K.; Kirs, P.J.; Shukla, G.K. Cyber risk assessment and mitigation (CRAM) framework using logit and probit models for cyber insurance. Inf. Syst. Front. 2019, 21, 997–1018. [Google Scholar] [CrossRef]
  100. Tam, K.; Jones, K. MaCRA: A model-based framework for maritime cyber-risk assessment. WMU J. Marit. Aff. 2019, 18, 129–163. [Google Scholar] [CrossRef]
  101. Akinrolabu, O.; Nurse, J.R.; Martin, A.; New, S. Cyber risk assessment in cloud provider environments: Current models and future needs. Comput. Secur. 2019, 87, 101600. [Google Scholar] [CrossRef]
  102. Avcı, İ.; Koca, M. Intelligent Transportation System Technologies, Challenges and Security. Appl. Sci. 2024, 14, 4646. [Google Scholar] [CrossRef]
  103. Lee, K.; Hong, D.; Kim, J.; Cha, D.; Choi, H.; Moon, J.; Moon, C. Road-network-based event information system in a cooperative ITS Environment. Electronics 2023, 12, 2448. [Google Scholar] [CrossRef]
  104. Levina, A.I.; Dubgorn, A.S.; Iliashenko, O.Y. Internet of things within the service architecture of intelligent transport systems. In Proceedings of the 2017 European Conference on Electrical Engineering and Computer Science (EECS), Bern, Switzerland, 17–19 November 2017; pp. 351–355. [Google Scholar]
Futureinternet 17 00282 g001
Figure 1. Cyber security recent novel research clusters.
Figure 1. Cyber security recent novel research clusters.
Futureinternet 17 00282 g001
Futureinternet 17 00282 g002
Figure 2. CPS recent novel research clusters.
Figure 2. CPS recent novel research clusters.
Futureinternet 17 00282 g002
Futureinternet 17 00282 g003
Figure 3. CPS recent novel research clusters.
Figure 3. CPS recent novel research clusters.
Futureinternet 17 00282 g003
Futureinternet 17 00282 g004
Figure 4. E3E modeling diagram.
Figure 4. E3E modeling diagram.
Futureinternet 17 00282 g004
Table 1. Cyber risk model comparison, where ’X’ indicates inclusion.
Table 1. Cyber risk model comparison, where ’X’ indicates inclusion.
Social DimensionEmergenceResilienceDynamic Adaptive SystemsFeedback LoopsAsset Mission Value
E3R ModelXXXXXX
ISO 31000:2018 Process Clause 6 [93,94]--X-X-
Bayesian risk model [95]--X---
Fuzzy Inference Model [96]----X-
Time-To-Compromise Model [97]----X-
Three-phase assessment [98]-----X
CRAM Framework [99]------
MaCRA Model [100]--X--X
CSCCRA model [101]------
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Sobb, T.; Moustafa, N.; Turnbull, B. Responsible Resilience in Cyber–Physical–Social Systems: A New Paradigm for Emergent Cyber Risk Modeling. Future Internet 2025, 17, 282. https://doi.org/10.3390/fi17070282

AMA Style

Sobb T, Moustafa N, Turnbull B. Responsible Resilience in Cyber–Physical–Social Systems: A New Paradigm for Emergent Cyber Risk Modeling. Future Internet. 2025; 17(7):282. https://doi.org/10.3390/fi17070282

Chicago/Turabian Style

Sobb, Theresa, Nour Moustafa, and Benjamin Turnbull. 2025. "Responsible Resilience in Cyber–Physical–Social Systems: A New Paradigm for Emergent Cyber Risk Modeling" Future Internet 17, no. 7: 282. https://doi.org/10.3390/fi17070282

APA Style

Sobb, T., Moustafa, N., & Turnbull, B. (2025). Responsible Resilience in Cyber–Physical–Social Systems: A New Paradigm for Emergent Cyber Risk Modeling. Future Internet, 17(7), 282. https://doi.org/10.3390/fi17070282

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop