arXiv: REPOSE: Quantifying the Price of Security in Weakly-Hard Real-Time Cyber-Physical Systems

This publication, titled REPOSE: Quantifying the Price of Security in Weakly-Hard Real-Time Cyber-Physical Systems, introduces a formal framework for measuring the trade-off between security enforcement and real-time performance in cyber-physical systems (CPS). It specifically addresses systems operating under weakly-hard real-time constraints, where occasional deadline misses are tolerable but must be bounded. The paper provides a quantitative model to evaluate how security mechanisms, such as encryption or intrusion detection, degrade timing guarantees, and proposes a method to optimize security configurations without violating operational deadlines.

This regulatory change is most relevant to organizations deploying CPS in critical infrastructure sectors, including energy, transportation, manufacturing, and healthcare. Compliance teams in these sectors must now consider that security controls can directly impact system reliability and safety, potentially conflicting with existing real-time performance requirements under frameworks like NIST SP 800-82 or IEC 62443. The publication signals that regulators may soon expect documented evidence of security-performance trade-off analyses for safety-critical systems.

Compliance teams should immediately review their current security implementations in real-time CPS environments to identify potential timing violations. They should begin documenting the security-performance trade-offs for each critical control, using the REPOSE methodology as a reference. Additionally, teams should engage with engineering and safety departments to establish joint risk acceptance criteria for security-induced deadline misses, and prepare for upcoming regulatory guidance that may mandate such quantitative assessments.