(355a) Control System Cyberattack Resilience and Discoverability for Nonlinear Systems with Changing Dynamics

Control system cyberattacks are a concern for safe and profitable operation of chemical processes, yet goals of more flexible and cheaper operating strategies may conflict with the goal of maintaining adequate cybersecurity practices. Therefore, a variety of works focused on control have developed strategies for probing for attacks to determine whether they are occurring (e.g., [1]), for detecting attacks (e.g., [2]), and for handling attacks (e.g., [3,4]). However, attacks have the potential to be “stealthy” [5] in the sense that they may prevent certain attack detection mechanisms from locating them, creating potential difficulties for maintaining safety and profitability in the presence of the undiscovered attack. A second potential challenge for attack detection is distinguishing attacks from changes in the underlying process dynamics. For example, [6] proposes the use of a strategy for attack detection that compares predictions of the process state with process state measurements and provides guarantees that the closed-loop state will be maintained within a characterizable region of state-space for a characterizable timeframe after an attack that is not detected via this strategy occurs ([6] uses an optimization-based control framework known as Lyapunov-based economic model predictive control (LEMPC) [7] in this context). However, when the underlying dynamics change, it would be expected that the process state predictions may no longer match the process state measurements; therefore, it becomes more difficult to tell whether the mismatch in process state predictions and measurements is the result of an attack on the process sensors, for example, or is the result of process dynamics changes over time.

Motivated by these considerations, this work elucidates properties of cyberattack discoverability for nonlinear systems, both in the presence of changing and of unchanging process dynamics. In the case of changing process dynamics, cyberattack discoverability is discussed for an approach for updating the dynamics which extends prior work in [8,9] to provide conditions under which closed-loop stability under LEMPC can be maintained when the underlying process dynamics change over time for a nonlinear process. In [8], the process model must be re-identified within a certain time period after the closed-loop state leaves a characterizable region of state-space which it should not leave unless the process dynamics have changed. Due to difficulties in distinguishing process dynamics changes from sensor measurement cyberattacks, we discuss methods for adjusting this model update-triggering procedure to attempt to gain greater resilience of the control system against cyberattacks on the sensors (in the sense that the attacks can be detected or if not detected, cannot cause the closed-loop state to leave a bounded region of operation for at least some time period after the attack). Three detection strategies based on probing, state prediction-based attack flagging, and state estimate-based attack flagging are evaluated for their benefits and limitations in achieving these goals. A chemical process example involving a continuous stirred tank reactor is used to illustrate the developments.

[1] Satchidanandan, B. and P. R. Kumar. “Dynamic watermarking: Active defense of networked cyber-physical systems,” Proceedings of the IEEE, 105, 219-240, 2016.

[2] Wu, Z., F. Albalawi, J. Zhang, Z. Zhang, H. Durand and P. D. Christofides, "Detecting and Handling Cyber-Attacks in Model Predictive Control of Chemical Processes," Mathematics, 6, 173, 22 pages, 2018.

[3] Wu, Z., S. Chen, S., D. Rincon and P. D. Christofides. “Post cyber-attack state reconstruction for nonlinear processes using machine learning,” Chemical Engineering Research and Design, 159, 248-261, 2020.

[4] Sun, Q., K. Zhang and Y, Shi. "Resilient Model Predictive Control of Cyber–Physical Systems Under DoS Attacks." IEEE Transactions on Industrial Informatics,16, 4920-4927, 2019.

[5] A. A. Cárdenas, S. Amin, Z.-S. Lin, Y.-L. Huang, C.-Y. Huang and S. Sastry, “Attacks against process control systems: Risk assessment, detection, and response,” In Proceedings of the ACM Asia Conference on Computer & Communications Security, Hong Kong, China, 2011.

[6] Durand, H. and M. Wegener. "Mitigating Safety Concerns and Profit/Production Losses for Chemical Process Control Systems under Cyberattacks via Design/Control Methods," Mathematics, 8, 499 (38 pages), 2020.

[7] M. Heidarinejad, J. Liu and P. D. Christofides. Economic model predictive control of nonlinear process systems using Lyapunov techniques, AIChE Journal, 58:855-870, 2012.

[8] Durand, H. "Responsive Economic Model Predictive Control for Next-Generation Manufacturing," Mathematics,8, 259 (38 pages), 2020.

[9] Rangan, K. K. and H. Durand. "Lyapunov-based Economic Model Predictive Control with Taylor Series State Approximations," In Proceedings of the 2020 American Control Conference, Denver, Colorado, 1980-1985, 2020.