What is the difference between CPS and IoT?

IoT is a broader category of internet-connected devices that collect and transmit data. CPS is a subset of IoT and OT where the computational system directly controls physical processes. All CPS are IoT/OT devices, but not all IoT devices are CPS — a temperature sensor reports data but doesn't control physical processes. CPS are the highest-consequence category of connected devices because compromise can cause physical harm.

Definition

Cyber-Physical System (CPS)

A system where computing and physical processes are tightly coupled. Compromising a cyber-physical system can mean equipment failure, patient harm, production shutdown, or infrastructure damage.

What is Cyber-Physical System (CPS)?

A system where computing and physical processes are tightly coupled. Compromising a cyber-physical system can mean equipment failure, patient harm, production shutdown, or infrastructure damage.

A cyber-physical system (CPS) is one where computational processes directly interact with and control physical processes. Industrial robots that execute precise manufacturing tolerances, autonomous vehicles that navigate public roads, medical devices that deliver precise drug doses, power grid controllers that balance load — all are cyber-physical systems. The defining characteristic is the tight coupling between the digital control layer and the physical outcome: what happens in software directly affects what happens in the physical world.

This coupling is what makes CPS security categorically different from conventional IT security. A compromised email server means data exposure. A compromised CPS can mean equipment destruction, patient harm, environmental damage, or infrastructure failure. The 2010 Stuxnet attack — which targeted Siemens PLCs controlling Iranian centrifuges and caused physical equipment damage — was the first confirmed cyber weapon that achieved physical effects through CPS manipulation. It was not the last.

Security for cyber-physical systems must balance protection against operational continuity with far greater care than IT security. Taking an enterprise workstation offline for patching is an inconvenience. Taking a power plant controller or a hospital ventilator offline requires weeks of planning, regulatory approval, maintenance windows, and backup arrangements. Security measures that introduce even a small probability of operational disruption face high resistance from operations teams — and rightly so in systems where failures have physical consequences.

Key Facts

Cyber-physical attacks against critical infrastructure increased 300% between 2018 and 2022
Stuxnet demonstrated in 2010 that CPS compromise can cause direct physical equipment destruction
Healthcare CPS attacks have contributed to documented adverse patient outcomes
Gartner predicts that CPS attacks will result in fatalities by 2025 if security investment doesn't increase

How ORDR Addresses Cyber-Physical System (CPS)

ORDR is purpose-built for cyber-physical environments. Its passive, non-intrusive monitoring approach ensures that CPS devices — PLCs, RTUs, medical controllers, SCADA systems — are never disrupted by security operations. ORDR provides the visibility needed to detect threats to CPS before they manifest as physical incidents, and generates policy recommendations that are safe to implement in operational environments.

See ORDR in action

Frequently Asked Questions

Back to Glossary

Protect your operational technology.

ORDR discovers and monitors every OT asset in real time—even legacy PLCs and SCADA systems that cannot run agents.

REQUEST A DEMO OT Security Solutions