Vending machines and aircraft flight-control systems, radiotherapy machines and passenger lifts, medical infusion pumps and industrial robots, railway interlocking systems and radio-controlled toys, computer-controlled machine tools and car-park control systems, chemical plants and heart pacemakers: all of these—and countless other examples—are cyber-physical systems. Some are large, some small; some complex, some simple; some safety-critical, some inconsequential. All are purposeful human constructs: computing machinery has been introduced into the world to interact directly with the physical world outside the computer and to govern its behaviour.
A cyber-physical system is inherently bipartite. The machine executes specially designed software; the governed world comprises those parts and components and occupants of the physical world whose behaviour is governed by interaction with the machine. The system is not the machine alone: it is the two-part combination of the machine with the governed world, and it is their mutual interaction that evokes the system behaviour. Neither can make sense without the other.
The metaphor govern is important here. The governed world may include: parts of the natural world—for example, the earth’s local atmosphere—that may change unpredictably; engineered devices and infrastructure elements—for example, railway track or a road bridge—that may exhibit unexpected faults; and human participants—active or passive—in the system’s behaviour who have their own purposes and may act erratically, capriciously, or even malevolently. The prefix cyber is derived from a Greek word for the steering of a ship. The properties and forces of the vessel, the sea and the weather, must be both respected and exploited to steer the ship in the desired direction. The machine does not control the world unilaterally—although the word control is commonly used. Rather it adapts its own behaviour—and hence also the world’s behaviour—to achieve the system’s purposes. The word govern, with all of its socio-political connotations, reflects the cooperative aspect of this adaptation.
Not every system interacting with the physical world is cyber-physical. Some interact with the world only to monitor or predict its behaviour, leaving it unaffected. A meteorological system is not cyber-physical: it doesn’t change the weather. A car’s GPS navigation system is not cyber-physical: it monitors information about the local road system and the car’s position and trajectory, but it doesn’t drive the car or control the traffic lights. Some systems interact with the world but affect it only indirectly, by producing outputs for interpretation and response by human actors: these, too, fall short of the cyber-physical criterion. The GPS system does not become a cyber-physical system by virtue of advising the driver to change lane or to turn left. In a cyber-physical system, the machine causes physical effects directly, unmediated by any possibility of human intervention.
A cyber-physical system is unlikely to be strictly cyber-physical in all its parts and aspects. Many systems have a core cyber-physical functionality surrounded by more mundane ancillary functions. The core function of a railway control system is governing train movement. One ancillary function captures the current layout of the track in a machine-readable form; another manages a track maintenance schedule and calculates its impact on train services; another displays train arrivals and departures in a station. These ancillary functions are not intrinsically cyber-physical; but in system operation they interact closely with the control function itself, which controls train movements, and this interaction takes place without human intervention. The core control function, with which they are interleaved, imbues the whole system with its cyber-physical character and its critical safety concerns.