(245d) Detectability-Based Controller Design Screening for Multiplicative Sensor-Controller Attacks
AIChE Annual Meeting
2021
2021 Annual Meeting
Topical Conference: Next-Gen Manufacturing
Cybersecurity and High-Performance Computing in Next-Gen Manufacturing
Tuesday, November 9, 2021 - 9:09am to 9:32am
One way an attack may affect a process control system (PCS) is by manipulating data sent over the communication links between PCS components. While detectability of cyberattacks affecting the PCS communication links may be considered a systems-theoretic property, certain controller design parameters can mask the impact of cyberattacks from certain detection schemes. Such cyberattacks, called zero-alarm attacks, keep the alarm rate at zero and are particularly challenging to address. However, given knowledge of how controller design parameters affect the detectability of an attack, it may be possible to design a controller that does not result in a zero-alarm attack.
Existing control system design criteria typically account for aspects such as closed-loop stability of the process, process economics and robustness to uncertainty [7,8]. However, they do not account for cybersecurity considerations. In this work, we present a novel approach to incorporating the detectability of a cyberattack into the control system design. Specifically, we present a controller screening methodology intended to aid a control designer in identifying and discarding controller and observer design parameters that lead to a multiplicative zero-alarm sensor-controller attack of a certain magnitude on a PCS. We establish the definitions of undetectable (zero-alarm) and potentially detectable attacks for a particular class of residual-based detection schemes. Then, for a given magnitude of multiplicative attack and choice of controller design parameters, we characterize a minimum invariant residual set-based condition that can be used to determine whether the multiplicative attack is undetectable. Leveraging the developed condition, we then present a controller design screening methodology that aids in the identification of controller design parameters leading to undetectable attacks of a certain magnitude. Thus, a controller design that is selected based on the screening methodology ensures that an attack of the chosen magnitude is potentially detectable with respect to the class of residual-based detection schemes considered. Finally, we demonstrate the application of the detectability-based controller screening methodology using a chemical process example.
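An added illustration of the screening idea described above (not the authors' formulation, condition, or code): it assumes a scalar linear plant with bounded disturbances, an observer-based state-feedback controller, a threshold detector on the output residual, and a threshold set to the tightest value that gives no false alarms. All function names, symbols and numbers are hypothetical.

```python
# Added illustration; model, symbols and numbers are assumptions, not from the abstract.
def residual_bound(a, b, K, L, alpha, w_bar, v_bar, steps=5000):
    """Worst-case |r| over the minimal invariant set of the (attacked) loop.

    Plant:    x+ = a x + b u + w, |w| <= w_bar;  y = x + v, |v| <= v_bar
    Attack:   controller and observer receive alpha * y instead of y
    Observer: xh+ = a xh + b u + L (alpha*y - xh),  u = -K xh
    Residual: r = alpha*y - xh  (alarm when |r| > tau)
    """
    # Stacked state z = (x, xh): z+ = A z + Bw w + Bv v,  r = c z + alpha v
    A = ((a, -b * K), (L * alpha, a - b * K - L))
    tr = A[0][0] + A[1][1]
    det = A[0][0] * A[1][1] - A[0][1] * A[1][0]
    if not (abs(det) < 1 and abs(tr) < 1 + det):  # Jury test for a 2x2 matrix
        return float("inf")  # unstable loop: residual treated as unbounded
    row = (alpha, -1.0)       # holds c A^i, starting at i = 0
    bound = alpha * v_bar     # direct feed-through of sensor noise
    for _ in range(steps):
        # |c A^i Bw| w_bar + |c A^i Bv| v_bar with Bw = (1, 0), Bv = (0, L*alpha)
        bound += abs(row[0]) * w_bar + abs(row[1] * L * alpha) * v_bar
        row = (row[0] * A[0][0] + row[1] * A[1][0],
               row[0] * A[0][1] + row[1] * A[1][1])
        if max(abs(row[0]), abs(row[1])) < 1e-15:
            break
    return bound

def zero_alarm(a, b, K, L, alpha, w_bar=0.1, v_bar=0.05):
    """True if the attack can never drive |r| past the threshold tau."""
    # Assumed tuning: tau is the tightest threshold with no false alarms.
    tau = residual_bound(a, b, K, L, 1.0, w_bar, v_bar)
    return residual_bound(a, b, K, L, alpha, w_bar, v_bar) <= tau + 1e-12

def screen(a, b, designs, alpha):
    """Keep the (K, L) pairs that are nominally stable and not zero-alarm."""
    return [(K, L) for K, L in designs
            if residual_bound(a, b, K, L, 1.0, 0.1, 0.05) < float("inf")
            and not zero_alarm(a, b, K, L, alpha)]

if __name__ == "__main__":
    grid = [(k / 10, l / 10) for k in range(2, 12, 3) for l in range(2, 12, 3)]
    for a in (0.9, 1.1):  # constructed stable and unstable plants
        print(f"a={a}: kept {screen(a, 1.0, grid, alpha=0.8)}")
```

In this constructed model, the design K = L = a makes a multiplicative attack of 0.8 zero-alarm for the stable plant a = 0.9 but potentially detectable for the unstable plant a = 1.1, so the same tuning rule passes the screen for one process and is discarded for the other.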
References:
[1] K. E. Hemsley, E. Fisher et al., "History of industrial control system cyber incidents", Idaho National Laboratory (INL), Idaho Falls, ID (United States), Tech. Rep. INL/CON-18-44111, 2018.
[2] H. Kayan, M. Nunes, O. Rana, P. Burnap, and C. Perera, "Cybersecurity of industrial cyber-physical systems: A review", arXiv:2101.03564, 2021.
[3] S. Chen, Z. Wu and P.D. Christofides, "A cyber-secure control-detector architecture for nonlinear processes", AIChE Journal, vol. 66, no. 5, p. e16907, 2020.
[4] H. Durand and M. Wegener, "Mitigating cyberattack impacts using Lyapunov-based economic model predictive control", in Proceedings of the American Control Conference, Virtual, 1-3 July 2020, pp. 1894-1899.
[5] J. Giraldo, D. Urbina, A. Cárdenas, J. Valente, M. Faisal, J. Ruths, N. O. Tippenhauer, H. Sandberg and R. Candell, "A survey of physics-based attack detection in cyber-physical systems", ACM Computer Surveys, vol. 51, no. 4, pp. 76:1-76:36, 2018.
[6] N. Hashemi and J. Ruths, "Co-design for security and performance: LMI tools", arXiv:1909.12452, 2019.
[7] P.D. Christofides, N. H. El-Farra, "Control of nonlinear and hybrid process systems: Designs for uncertainty, constraints and time-delays", Vol. 324, Springer Science & Business Media, 2005.
[8] J.A. Romagnoli, A. Palazoglu, "Introduction to process control", CRC Press, 2020.