Core Research and Innovation Areas
in Cyber-Physical Systems of Systems
Initial Findings of the CPSoS Project
S. Engell1, R. Paulen1, M.A. Reniers2(B
), C. Sonntag3, and H. Thompson4
1Process Dynamics and Operations, TU Dortmund, Dortmund, Germany
2Control Systems Technology, Eindhoven University of Technology (TU/e),
Eindhoven, The Netherlands
3euTeXoo GmbH, Dortmund, Germany
4Haydn Consulting Ltd, Sheﬃeld, UK
Abstract. The CPSoS project is developing a roadmap for future
research and innovation in cyber-physical systems of systems. This paper
presents preliminary ﬁndings and proposals that are put forward as a
result of broad consultations with experts from industry and academia,
and through analysis of the state of the art in cyber-physical systems of
Cyber-physical systems of systems (CPSoS) are large physical systems as, e.g.,
railway systems, the electric grid and production plants that consist of many
interacting physical elements and of distributed IT systems for monitoring, con-
trol, and optimization and interaction with human operators and managers that
are interfaced to the physical system elements and are interconnected via com-
munication networks. These systems are of crucial importance for the welfare of
the citizens of Europe as they represent some of the most important infrastruc-
tures and the backbone of the European economy.
Characteristic features of cyber-physical systems of systems are:
– Complex dynamics,
– Distributed control, supervision and management,
– Partial autonomy of the subsystems,
This project has received funding from the European Union’s Seventh Programme
for research, technological development and demonstration under grant agreement
Springer International Publishing Switzerland 2015
C. Berger and M.R. Mousavi (Eds.): CyPhy 2015, LNCS 9361, pp. 40–55, 2015.
DOI: 10.1007/978-3-319-25141-7 4
Core Research and Innovation Areas in CPSoS 41
– Dynamic reconﬁguration of the overall system on diﬀerent timescales,
– Continuous evolution of the overall system during its operation, and
– Possibility of emerging behaviours.
As cyber-physical systems of systems comprise physical elements as well as
computing systems that are tightly coupled, the engineering and operation of
these systems must build upon theories, tools and knowledge from a large num-
ber of domains, from population dynamics and nonlinear systems theory over
advanced modelling, simulation, optimisation and signal processing to software
engineering, computer networks, validation and veriﬁcation and user interaction.
Knowledge about the physical aspects of the systems as well as about the appli-
cation domains is indispensable to arrive at solutions that are taken up in the
real world. To integrate these diverse research and development communities to
realise the opportunities and to respond to the challenges of large-scale, intercon-
nected, distributed synergistic systems and to mitigate the associated risks and
challenges is the most crucial aspect for a successful future development of the
domain of CPSoS. Relevant theory and tools for CPSoS can only be developed
with awareness and in-depth knowledge of application needs and industry trends.
The CPSoS project (www.cpsos.eu) is a Communication and Support Action
that acts as an exchange platform for systems of systems (SoS) related projects
and communities . One of the main goals of the project is to develop a
European research and innovation agenda on CPSoS. To support this process,
the project has set up three working groups to capture the views of industry and
– Systems of Systems in Transportation and Logistics, led by Haydn Thompson,
Haydn Consulting Ltd, United Kingdom,
– Physically Connected Systems of Systems, led by Sebastian Engell, TU
Dortmund, Germany, and
– Tools for Systems of Systems Engineering and Management, led by Michel
Reniers, Eindhoven University of Technology, Netherlands.
The working groups currently comprise of 36 members, leading specialists from
industry and academia, and include delegates from ongoing EU-funded projects
in the area of SoS to ensure that as many views as possible are represented.
Information about the composition of these working groups can be found via
Based on input from the working group members, and extensive consulta-
tions with domain experts in three public meetings with over 100 participants,
and more than 130 written contributions and interviews, a state of the art docu-
ment was produced (www.cpsos.eu/state-of-the-art,) and the proposals were
synthesized into a ﬁrst research and innovation agenda (www.cpsos.eu/roadmap,
). The agenda describes three main areas of research and development:
1. Distributed, reliable and eﬃcient management of CPSoS,
2. Engineering support for the design-operation continuum of CPSoS, and
3. Cognitive CPSoS.
42 S. Engell et al.
The contents of this paper is based on documents produced in the context of
the CPSoS project [3–5]. An abstract of the research challenges has also been
published in .
Below, these challenges are explained in more detail. First, Sect.2gives an
overview of the properties of CPSoS. The speciﬁc features and challenges of
CPSoS in operation and design are analysed in Sect. 3. Building upon this analy-
sis, the three main areas that have been identiﬁed as key challenges for future
research and innovation are then outlined in Sect. 4. Section 5provides a sum-
mary of the paper.
2 Cyber-Physical Systems of Systems
The concept of systems of systems has been developed to characterize large,
distributed systems that consist of interacting and networked, but partially
autonomous, elements that together can show emergent behaviour [7,9]. Generic
approaches to the analysis, design, management and control of SoS has become
an active domain of research in recent years at the interface of various disciplines,
such as computer science, systems and control, and systems engineering.
Cyber-physical systems are large complex physical systems that interact with
a considerable number of distributed computing elements for monitoring, control
and management. Additionally, they can exchange information between them-
selves and with human users. The elements of the physical system are connected
by the exchange of material, energy, or momentum and/or the use of common
resources (roads, rail-tracks, air space, waterways) while the elements of the con-
trol and management system are connected by communication networks which
may impose restrictions on the frequency and speed of information exchange.
The CPSoS project has reﬁned the above deﬁnitions into the following deﬁ-
Deﬁnition 1. Cyber-physical systems of systems are cyber-physical systems
that exhibit the features of SoS:
– Large, often spatially distributed physical systems with complex dynamics,
– Distributed control, supervision and management,
– Partial autonomy of the subsystems,
– Dynamic reconﬁguration of the overall system on diﬀerent timescales,
– Continuous evolution of the overall system during its operation,
– Possibility of emerging behaviours.
Prominent examples of CPSoS are rail and road transport systems, power plants,
large production facilities, gas pipeline networks, container terminals, water sys-
tems, and supply chains.
Core Research and Innovation Areas in CPSoS 43
3 Features of CPSoS and Industrial Challenges in Their
Development and Operation
In this section the key features that characterise CPSoS are highlighted. This is
put into context of real applications to explain the key challenges faced by indus-
trial developers of such systems. Major challenges are in dealing with constantly
evolving, highly complex systems with distributed management, a mixture of
autonomous and human control interactions, and dynamic reconﬁguration to
deal with local failure management.
3.1 Size and Distribution
CPSoS comprise a signiﬁcant number of interacting components that are (par-
tially) physically coupled and together fulﬁl a certain function, provide a service,
or generate products. The components can provide services independently, but
the performance of the overall system depends on the “orchestration” of the
components. The physical size or geographic distribution of the system are not
essential factors to make it a system of systems, but rather is its complexity.
A factory with many “stations” and materials handling and transportation sys-
tems is structurally not much diﬀerent from a large rail transportation network
that extends over several countries.
A distinguishing feature for a system of systems is that at least some of the
components can provide useful services also independently. So a car engine with
several controllers that are connected by a communication system is a cyber-
physical system, but not a system of systems, as the components only provide a
useful function together with the engine, and there is no local autonomy of the
subsystems but only a distributed deployment of control functions.
3.2 Control and Management
Owing to the scope and the complexity of the overall system or due to the
ownership or management structures, the control and management of CPSoS
cannot be performed in a completely centralized or hierarchical top-down manner
with one authority tightly controlling and managing all the subsystems. Instead,
there is a signiﬁcant distribution of authority with partial local autonomy, i.e.,
partially independent decision making.
The distribution of the management and control structure usually follows the
physical distribution of the system elements. Large systems are always controlled
in a hierarchical and distributed fashion where local “uncertainties”, e.g., the
eﬀects of non-ideal behaviours of components or of disturbances, are reduced
by local control. In CPSoS, there are partly autonomous human or automatic
decision makers that steer the subsystems according to local priorities. The
“managerial element” of the components of the management and control sys-
tems in CPSoS goes beyond classical decentralized control where decentralized
controllers control certain variables to externally set reference values.
44 S. Engell et al.
Communication between the physical sub-systems and the control and man-
agement of sub-systems takes place via sensors and actuators and various types
of communication channels, from wires to connections over the internet that
may be unreliable or have limited bandwidth. The elements of the management
and control systems similarly communicate via suitable channels. Internet com-
munication mechanisms and wireless channels have provided a much greater
connectivity of distributed system elements and this trend will continue (“Inter-
net of Things”). Research and innovation in CPSoS is about how to use this
connectivity for better management and control of the overall SoS. Internet con-
nectivity adds a signiﬁcant element of ﬂexibility but also of vulnerability to
technical systems that can have consequences that go far beyond issues of pri-
vacy, as potentially large damages (accidents, power outages, standstills) can
be caused. Therefore, security against unauthorized access is a major system
issue, and detection of manipulated signals or commands are important aspects
of CPSoS design.
For CPSoS, the management of the overall system as well as of its sub-systems
will usually not only be driven by technical criteria but rather by economic,
social, and ecologic performance indicators, e.g., proﬁtability, acceptance, sat-
isfaction of users, and environmental impact. CPSoS are managed by humans,
and many performance criteria concern providing services to human users. Thus,
CPSoS have to be addressed as socio-technical systems with the speciﬁc feature
of a large technical/physical structure that determines and constrains the behav-
iour of the system to a large extent.
3.3 Partial Autonomy
Partial autonomy of the subsystems both in terms of their independent ability to
provide certain services and of partial autonomy of their control and management
systems is essential in the deﬁnition of CPSoS. Often, the sub-systems can exhibit
selﬁsh behaviour with local management, goals, and preferences. The autonomy
can in particular result from human users or supervisors taking or inﬂuencing
the local decisions.
Autonomy is understood as the presence of local goals that cannot be fully
controlled on the system of systems level. Rather, incentives or constraints are
given to the subsystem control in order to make it contribute to the global
system targets. An example is the operation of units of a chemical plant that
consume and produce steam as a necessary resource or by-product of their main
task. Their operators or managers run their processes autonomously to achieve
local goals and meet local targets. The site owner/operator sets mechanisms
to negotiate about the steam generation/consumption and in doing so provides
suitable incentives so that the global proﬁt of the site is maximized.
Autonomy can lead to self-organizing systems: Consider the ﬂow of cars in a
city when there is a new construction site. Due to their autonomous intelligence,
the drivers seek new paths, quite predictably, and after a few days each one
Core Research and Innovation Areas in CPSoS 45
re-optimizes her or his route to minimize travel time, and a new ﬂow pattern
establishes itself. This may not be provably optimal, but the autonomous actions
of the “agents” lead to resilience of the overall system.
3.4 Dynamic Reconﬁguration
Dynamic reconﬁguration, i.e., the frequent addition, modiﬁcation or removal of
components is a widespread phenomenon in CPSoS. This includes systems where
components come and go (like in air traﬃc control) as well as the handling of
faults and the change of system structures and management strategies following
changes of demands, supplies or regulations.
Fault detection and handling of errors or abnormal behaviours is a key issue
in CPSoS design and operation. Due to the large scale and the complexity of
CPSoS, failures occur all the time. The average system performance, as well
as the degree of satisfaction of the users, is strongly aﬀected by the impact of
unforeseen events and outer inﬂuences that require non-continuous actions and
cannot be compensated on the lower system levels. There is a massive need
for detecting such situations quickly and, if possible, preventing them, and for
fail-soft mechanisms and resiliency and fault tolerance at the systems level. The
handling of faults and abnormal behaviour is challenging from a systems design
point of view. In many cases it cannot be done optimally by a design based on
separation of concerns but requires a trans-layer design of the reaction to such
Living cells with their multiple metabolic pathways are an example of a
system that has optimized its ability to reconﬁgure itself to cope with changing
conditions (availability of nutrients and other external factors) by keeping many
options (metabolic pathways) intact and being able to switch between them.
They may be used as a paradigm for the design of resilient CPSoS that do not
operate in a strictly controlled environment.
3.5 Continuous Evolution
CPSoS are large systems that operate and are continuously improved over long
periods of time. In many systems, from railways to chemical plants, the hardware
(real physical hardware) infrastructure “lives” for 30 or more years, and new
functionalities or improved performance have to be realized with only limited
changes of many parts of the overall system. Management and control software as
well usually has long periods of service, while the computing hardware base and
the communication infrastructure change much more rapidly. Components are
modiﬁed, added, the scope of the system may be extended or its speciﬁcations
changed. So engineering to a large extent has to be performed at runtime.
The V-model paradigm with consecutive phases: requirements – modelling –
model-based design – veriﬁcation – validation – commissioning – operation –
dismantling, is not applicable in its pure form to SoS where the requirements
change during operation. There is a need for a scientiﬁc foundation to handle
multi-layer operations and multiple life-cycle management.
46 S. Engell et al.
Speciﬁcation needs to be particularly thorough in the context of SoS, and
should be as simply and clearly articulated as possible. Testing also needs to
be thorough in the context of real SoS and must include also “mis-use cases”.
Once rolled out, operating and maintaining a system of systems requires a good
knowledge of the “as-deployed-and-conﬁgured” system’s physical, functional and
behavioural conﬁguration. Here the aviation industry has great experience.
When a new system is developed and deployed, the two activities of design
and operational management usually can clearly be distinguished and often dif-
ferent groups of people are responsible for them. But later, the distinction is
blurred, the experience gained in (day-to-day) management must be taken into
account in revisions, extensions etc. The operational management must also take
care of the implementation of engineered changes in a running system. Validation
and veriﬁcation has to be done “on the ﬂy”. This integration strengthens the
role of models in both engineering processes. Up-to-date (because continuously
updated) models of the running operation can be used for both purposes. The
engineering of system of systems requires methods and tools that can be used
seamlessly during design as well as operation (design-operations continuum).
3.6 Possibility of Emerging Behaviours
Emerging behaviours are an issue that is highly disputed. It is a simple and often
stated fact that the system as a whole is more than its parts and can provide
services that the components cannot provide autonomously. Sometimes the term
emerging behaviour is used for the consequences of simple dynamic interactions,
e.g., that a feedback loop that consists of stable subsystems may become unstable
(and vice versa), or of design ﬂaws due to an insuﬃcient consideration of side-
eﬀects. The term emerging behaviour however seems more appropriate for the
occurrence of patterns, oscillations or instabilities on a system-wide level, as
it may occur in large power systems or in transportation systems, and to self-
organization and the formation of structures in large systems.
Emerging behaviour should be distinguished from cascades of failures, like if
a traﬃc jam on one motorway leads to one on the alternative route. However, if
faults lead to instabilities and possible breakdowns of a large system due to “long-
range interactions” in the system, like in power blackouts, then this can be called
emerging behaviour. Emerging behaviour should be addressed both from the side
of system analysis under which conditions does emerging behaviour occur and
from the side of systems design how can suﬃcient resiliency be built into the
system such that local variations, faults, and problems can be absorbed by the
system or be conﬁned to the subsystem aﬀected and its neighbours and do not
trigger cascades or waves of problems in the overall system. Formal veriﬁcation
(e.g., assume/guarantee reasoning) as well as dynamic stability analysis for large-
scale systems are possible approaches to prove the non-existence of unwanted
Core Research and Innovation Areas in CPSoS 47
3.7 Enabling Technologies and Methodologies
In order to build and to operate CPSoS, knowledge and technologies from many
domains are needed. We distinguish between enabling technologies that are
required to realize CPSoS but are developed independently and for a broad
range of purposes, and core technologies that are speciﬁc and have to be specif-
ically developed for CPSoS. The following are examples of enabling technolo-
– Communication technologies and communication engineering. Standardized
protocols, exploiting the Internet of Things, e.g., interactions between phone
and car, to provide new functionality/services, LiFi light communications.
– Computing technologies, high-performance and distributed computing. Mul-
ticore computing and new computer architectures to deal with more data and
provide localised processing, low power processing for ubiquitous installation
(with energy harvesting supplies), ability to implement mixed criticality on
– Sensors, e.g., energy harvesting, Nano NEMs sensors - the next generation
– Management and analysis of huge amounts of data (“big data”).
– Human-machine interfaces, e.g., head up displays, display glasses, polymer
electronics and organic LEDs to display information.
– Dependable computing and communications.
– Security of distributed/cloud computing and of communication systems.
Research and innovation in these areas contributes strongly to the ability to
build more eﬃcient and more reliable CPSoS, but have broader applications and
includes investigating how to best make use of these technologies and to trigger
and jointly perform speciﬁc developments related to CPSoS.
4 Key Research and Innovation Challenges in CPSoS
In this section, the identiﬁed key research and innovation challenges in the engi-
neering and management of CPSoS are introduced.
4.1 Distributed, Reliable and Eﬃcient Management of CPSoS
Due to the scope and the complexity of CPSoS as well as due to ownership
or management structures, the control and management tasks in such systems
cannot be performed in a centralized or hierarchical top-down manner with one
authority tightly controlling all subsystems. In CPSoS, there is a signiﬁcant dis-
tribution of authority with partial local autonomy. An illustrative example of
such a system is a self-organizing automation system for coordinating smart
components within the grid as presented in . See Fig. 1for an illustrative
example. The design of such management systems for reliable and eﬃcient man-
agement of the overall systems poses a key challenge in the design and operation
48 S. Engell et al.
Fig. 1. Self-Organizing energy automation systems: coordinating smart components
within the grid, from .
The following sub-topics should be addressed:
– Decision structures and system architectures,
– Self-organization, structure formation, and emergent behaviour in technical
– Real-time monitoring, exception handling, fault detection and mitigation of
faults and degradation,
– Adaptation and integration of new components,
– Humans in the loop and collaborative decision making, and
– Trust in large distributed systems.
Decision Structures and System Architectures. The interaction and
coordination of dynamic systems with partial autonomy in SoS, possibly with
dynamic membership, must be studied broadly. Examples of applicable meth-
ods are population dynamics and control and market-based mechanisms for the
distribution of constraining resources. The partial autonomy of the components
from the overall system of systems perspective leads to uncertainty about the
behaviour of the subsystems. Therefore the system-wide coordination must take
into account uncertain behaviour and must nonetheless guarantee an acceptable
performance of the overall system. Stochastic optimization and risk management
must be developed for CPSoS. It must be understood better how the manage-
ment structure (centralized, hierarchical, distributed, clustered) inﬂuences sys-
tem performance and robustness.
Core Research and Innovation Areas in CPSoS 49
Self-Organization, Structure Formation, and Emergent Behaviour in
Technical SoS. Due to local autonomy and dynamic interactions, CPSoS can
realize self-organization and exhibit structure formation and system-wide insta-
bility, in short, emergent behaviour. The prediction of such system-wide phenom-
ena is an open challenge at the moment. Distributed management and control
methods must be designed such that CPSoS do not show undesired emerging
behaviour. Inputs from the ﬁeld of dynamic structure or pattern formation in
large systems with uncertain elements must be combined with classical stability
analysis and assume-guarantee reasoning. Methods must be developed such that
suﬃcient resiliency is built into the system so that local variations, faults, and
problems can be absorbed by the system or be conﬁned to the subsystem aﬀected
and its neighbours and no cascades or waves of disturbances are triggered in the
Real-Time Monitoring, Exception Handling, Fault Detection, and
Mitigation of Faults and Degradation. Due to the large scale and the
complexity of CPSoS, the occurrence of failures is the norm. Hence there is a
strong need for mechanisms for the detection of abnormal states and for fail-soft
mechanisms and fault tolerance by suitable mechanisms at the systems level.
Advanced monitoring of the state of the system and triggering of preventive
maintenance based on its results can make a major contribution to the reduc-
tion of the number of unexpected faults and to the reduction of maintenance
costs and downtime. Faults may propagate over the diﬀerent layers of the man-
agement and automation hierarchy. Many real-world SoS experience cascading
eﬀects of failures of components. These abnormal events must therefore be han-
dled across the layers.
Adaptation and Integration of New or Modiﬁed Components. CPSoS
are operated and continuously improved over long periods of time. New function-
alities or improved performance have to be realized with only limited changes
of many parts of the overall system. Components are modiﬁed and added, the
scope of the system may be extended or its speciﬁcations may be changed. So
engineering to a large extent has to be performed at runtime. Additions and
modiﬁcations of system components are much facilitated by plug-and-play capa-
bilities of components that are equipped with their own management and control
systems (decentralized intelligence).
Humans in the Loop and Collaborative Decision Making. HMI concepts,
i.e., ﬁltering and appropriate presentation of information to human users and
operators are crucial for the acceptance of advanced computer-based solutions.
Human interventions introduce an additional nonlinearity and uncertainty in the
system. Important research issues are the human capacity of attention and how
to provide motivation for suﬃcient attention and consistent decision making. It
must be investigated how the capabilities of humans and machines in real-time
50 S. Engell et al.
monitoring and decision making can be combined optimally. Future research
on the monitoring of the actions of the users and anticipating their behaviours
and modelling their situation awareness is needed. Social phenomena (e.g., the
dynamics of user groups) must also be taken into account.
Trust in Large Distributed Systems. Cyber-security is a very important
element in CPSoS. A speciﬁc challenge is the recognition of obstructive injections
of signals or takeovers of components in order to cause malfunctions, suboptimal
performance, shutdowns or accidents, e.g., power outages. The detection of such
attacks requires taking into account both the behaviour of the physical elements
and the computerized monitoring, control and management systems. In the case
of the detection of insecure states, suitable isolation procedures and soft (partial)
shut-down strategies must be designed.
4.2 Engineering Support for the Design-Operation
Continuum of CPSoS
While model-based design methods and tools have been established in recent
years in industrial practice for traditional embedded systems, the engineering of
CPSoS poses key challenges that go beyond the capabilities of existing method-
ologies and tools for design, engineering, and validation. These challenges result
directly from the constitutive properties of CPSoS:
– CPSoS are continuously evolving which softens, or even completely removes,
the traditional separation between the engineering/design phases and the
– The high degree of heterogeneity and partial autonomy of CPSoS requires
new, fully integrated approaches for their design, validation, and operation,
– CPSoS are highly ﬂexible and thus subject to frequent, dynamic reconﬁgu-
ration, which must be supported by design support tools to enable eﬃcient
– Failures, abnormal states, and unexpected/emerging behaviours are the norm
in CPSoS, and
– CPSoS are socio-technical systems in which machines and humans interact
The eﬃcient design and operation of such systems requires new design support
methodologies and software tools in the following areas:
– Integrated engineering of CPSoS over their full life cycle,
– Modelling, simulation, and optimization of CPSoS,
– Establishing system-wide and key properties of CPSoS.
Integrated Engineering of CPSoS over Their Full Life Cycle. The dis-
appearance of the separation between the design and engineering phases and
the operational stage necessitates new engineering frameworks that support the
Core Research and Innovation Areas in CPSoS 51
Fig. 2. DANSE system engineering life cycle, from .
speciﬁcation, adaptation, evolution, and maintenance of requirements, structural
and behavioural models, and realizations not only during design, but over their
complete life cycle.
An example of such a life cycle is the DANSE system engineering life cycle
showninFig.2which features a continuous SoS management phase . The
challenges in rolling out SoS are the asynchronous life cycles of the constituent
parts and also the fact that many components are developed independently and
that legacy systems may only be described insuﬃciently.
New engineering frameworks must enable the engineers to design fault-
resilient management and control architectures by an integrated cross-layer
design that spans all levels of the design and of the automation hierarchies, and
by providing model-based analysis facilities to detect design errors early and
to perform risk management. Such engineering frameworks must be integrated
closely with industrial infrastructure (e.g., databases, modelling and simulation
tools, execution and runtime systems, ...).
CPSoS usually are not designed and maintained by a single company, but
instead many providers of tools and hardware may be involved. Thus, collabo-
rative engineering and runtime environments are essential that enable providers
to jointly work on aspects of the CPSoS while competing on others. Integra-
tion must be based on open, easy-to-test interfaces and platforms that can be
accessed by all component providers. Methods and software tools must provide
semantic integration to simplify the interactions of existing systems as well as
the deployment of new systems.
The advantages of these new CPSoS technologies may not be immediately
apparent to industrial users, in particular in smaller companies. Thus, the
demonstration of industrial business cases and application results that clearly
illustrate the beneﬁts of these technologies is an important goal.
52 S. Engell et al.
Modelling, Simulation, and Optimization of CPSoS. Challenges in mod-
elling and simulation are the high cost for building and maintaining models,
modelling of human users and operators, simulation and analysis of stochastic
behaviour, and setting up models that include failure states and the reaction to
abnormal situations for validation and veriﬁcation purposes. Key for the adap-
tation of models during the life cycle of a system and for reduced modelling
cost are methodologies and software tools for model management and for the
integration of models from diﬀerent domains. Such model management requires
Eﬃcient simulation algorithms are needed to enable the system-wide sim-
ulation of large heterogeneous models of CPSoS, including dynamic on-the-ﬂy
reconﬁguration of the simulation models that represent the reconﬁguration of
the underlying CPSoS. For performance and risk analysis, global high-level mod-
elling and simulation of CPSoS is necessary including stochastic phenomena and
the occurrence of abnormal states.
The model-based development of SoS necessitates collaborative environments
for competing companies and the integration of legacy systems simulation as well
as open approaches for tight and eﬃcient integration and consolidation of data,
models, engineering tools, and other information across diﬀerent platforms. New
business models may lead to a situation where for potential system components
simulation models are delivered such that the overall system can be designed
based on these models.
The real potential of model-based design is only realized if the models can
be coupled to optimization algorithms. Single-criterion optimization of complex
systems, including dynamic systems that are described by equation-based mod-
els has progressed tremendously in the recent decade. The next steps will be
to develop eﬃcient optimization tools for heterogeneous models, to progress
towards global optimization and to use multi-criterion optimization in order
to explore the design space.
Establishing System-Wide and Key Properties of CPSoS. Establish-
ment, validation, and veriﬁcation of key properties of CPSoS is an important
challenge. New approaches are needed for dynamic requirements management
during the continuous evolution of a CPSoS, ensuring correctness by design dur-
ing its evolution, and for veriﬁcation especially on the system of systems level.
New algorithms and tools should enable the automatic analysis of complete,
large-scale, dynamically varying and evolving CPSoS. This includes formal lan-
guages and veriﬁcation techniques for heterogeneous distributed hybrid systems
including communication systems, theory for successive reﬁnements and abstrac-
tions of continuous and discrete systems so that validation and veriﬁcation at dif-
ferent levels of abstraction are correlated, and the joint use of assume-guarantee
reasoning and simulation-based (Monte Carlo) and exhaustive (model checking)
Core Research and Innovation Areas in CPSoS 53
4.3 Cognitive CPSoS
SoS by their very nature are large, distributed and extremely complex presenting
a myriad of operational challenges. To cope with these challenges there is a
need for improved situational awareness [2,8]. Gaining an overview of the entire
SoS is inherently complicated by the presence of decentralized management and
control. The introduction of cognitive features to aid both operators and users
of complex CPSoS is seen as a key requirement for the future to reduce the
complexity management burden from increased interconnectivity and the data
deluge presented by increasing levels of data acquisition. This requires research in
a number of supporting areas to allow vertical integration from the sensor level to
supporting algorithms for information extraction, decision support, automated
and self-learning control, dynamic reconﬁguration features and consideration
of the socio-technical interactions with operators and users. The following key
subtopics have been identiﬁed as being necessary to support a move to cognitive
– Situation awareness in large distributed systems with decentralized manage-
ment and control
– Handling large amounts of data in real time to monitor the system perfor-
mance and to detect faults and degradation
– Learning good operation patterns from past examples, auto-reconﬁguration
– Analysis of user behaviour and detection of needs and anomalies
Situation Awareness in Large Distributed Systems with Decentralized
Management and Control. In order to operate a system of systems eﬃciently
and robustly there is a need to detect changes in demands and operational
conditions (both of the equipment and outer factors) and to deal with anomalies
and failures within the system. This can only be achieved via the introduction of
much greater levels of data acquisition throughout the CPSoS and the use of this
data for optimization, decision support and control. Here a key enabler is the
introduction of novel, easy to install, low cost, sensor technologies and monitoring
concepts. If wireless monitoring is to be used there is also a need for ultra-low
power electronics and energy harvesting technologies to avoid the need for, and
associated maintenance costs of, battery change. An increase in data gathering
will also require robust wired and wireless communication protocols that can
deal with eﬃcient transmission of individual data values from a multitude of
sensors to streaming of data at high data rates, e.g., for vibration and video
Handling Large Amounts of Data in Real Time to Monitor the System
Performance and to Detect Faults and Degradation. A challenge for the
future will be the physical system integration of highly complex data acquisition
systems and the management of the data deluge from the plethora of installed
sensors and the fusion of this with other information sources. This will require
54 S. Engell et al.
analysis of large amounts of data in real time to monitor system performance
and to detect faults or degradation. Here there is a need for visualization tools to
manage the complexity of the data produced allowing managers to understand
the “real world in real time”, manage risk and make informed decisions on how
to control and optimize the system.
Learning Good Operation Patterns from Past Examples, Auto-
Reconﬁguration, and Adaptation. There is a great opportunity to aid
system operators by incorporating learning capabilities within decision support
tools to identify good operational patterns from past examples. Additionally, to
deal with the complexity of managing system faults, which is a major burden
for CPSoS operators, auto-reconﬁguration and adaptation features can be built
into the system.
Analysis of User Behaviour and Detection of Needs and Anomalies.
CPSoS are socio-technical systems and as such humans are an integral element
of the system. SoS thus need to be resilient to the eﬀects of the natural unpre-
dictable behaviour of humans. There is thus a need to continuously analyse user
behaviour and its impact upon the system to ensure that this does not result in
The end result of combining real world, real-time information for decision
support with autonomous control and learning features will be to provide cog-
nitive CPSoS that will support both users and operators, providing situational
awareness and automated features to manage complexity that will allow them
to meet the challenges of the future.
After a thorough investigation of the state of the art in the domains of trans-
portation and logistics, electrical grids, processing plants, smart buildings, dis-
tribution networks and methods and tools for the engineering and management
of CPSoS and discussions and consultations with stakeholders in the domains
from industry and from academia, the project CPSoS has identiﬁed three core
research and innovation areas for the next decade:
1. Distributed, reliable and eﬃcient management of CPSoS,
2. Engineering support for the design-operation continuum of CPSoS, and
3. Cognitive CPSoS.
Important long-term research topics in these domains have been described
above. CPSoS will continue to raise awareness about cyber-physical systems of
systems and their importance for the welfare of Europe and will propose also
shorter term research and innovation topics for national and European research
and innovation funding.
Core Research and Innovation Areas in CPSoS 55
1. B¨ose, C., Hoﬀmann, C., Kern, C., M., M.: New principles of operating electri-
cal distribution networks with a high degree of decentralized generation. In: 20th
International Conference on Electricity Distribution, Prague (2009)
2. Broy, M., Cengarle, M.V., Geisberger, E.: Cyber-physical systems: imminent chal-
lenges. In: Calinescu, R., Garlan, D. (eds.) Monterey Workshop 2012. LNCS, vol.
7539, pp. 1–28. Springer, Heidelberg (2012)
3. CPSoS Consortium: Cyber-Physical Systems of Systems – deﬁnition and core
research and innovation areas (2014). http://www.cpsos.eu/wp-content/uploads/
2015/07/CPSoS-Scope- paper- vOct-26-2014.pdf
4. CPSoS Consortium: Cyber-Physical Systems of Systems: Research and innovation
priorities (2015). http://www.cpsos.eu/roadmap
5. CPSoS Consortium: D2.4 Analysis of the state-of-the-art and future challenges in
Cyber-physical Systems of Systems (2015). http://www.cpsos.eu/state-of-the-art
6. DANSE project: Deliverable D4.4 DANSE methodology V03 (2015)
7. Jamshidi, M. (ed.): Systems of Systems Engineering: Principles and Applications.
CRC Press, Boca Raton (2008)
8. van de Laar, P., Tretmans, J., Birth, M. (eds.): Situation Awareness with Systems
of Systems. Springer, Heidelberg (2013)
9. Maier, M.W.: Architecting principles for system of systems. Syst. Eng. 1(4),
10. Reniers, M.A., Engell, S.: A European roadmap on cyber-physical systems of sys-
tems. ERCIM News 2014(97), 21–22 (2014)
11. Reniers, M.A., Engell, S., Thompson, H.: Core research and innovation areas in
cyber-physical systems of systems. ERCIM News 2015(102) (2015)