(702e) A Methodology for Control Configuration Screening for Cyberattack Identification in Process Systems | AIChE

Authors 

Ellis, M., University of California, Davis
El-Farra, N., University of California, Davis
Process Control Systems (PCS) represent a class of cyber-physical systems that integrate physical processes, computational resources, and communication capabilities. Recent incidents of various industrial security breaches have highlighted the vulnerability of cyber-physical systems to cyberattacks, particularly targeting their data management and communication layers [1]. Among the various attack vectors, one particularly concerning avenue is the infiltration of communication links within PCS. Specifically, cyber-attackers may gain access to the control system network and then alter the data communicated over the sensor-controller or the controller-actuator links, resulting in performance degradation or, worse, instability [1, 2, 3]. While cyberattack threats to PCS have traditionally been treated as information technology (IT) issues and addressed through IT infrastructure-based strategies, the increased frequency of cyberattacks has revealed the inadequacy of such approaches and the need for complementary approaches utilizing operational technology (OT)-based strategies. Consequently, OT-based approaches for the design of PCS that are resilient to cyberattacks have received increased attention recently [3].

OT-based approaches to the design of cyber-resilient PCS require the development of attack detection and identification schemes. Attack detection schemes aim to detect the presence of an attack by distinguishing abnormal operating behavior from normal operations [4]. Different strategies have been proposed for attack detection, including various data-based approaches (see [2, 3, 4] for recent surveys). Moreover, the influence of control system parameters on the ability of a detection scheme to detect an attack has been established [5] and used as the basis for the development of active attack detection schemes [6].

Attack identification schemes, on the other hand, are aimed at revealing the compromised components of the system, isolating the attacks from other disturbances, and/or estimating the severity of the attacks [7]. Results on the identification of cyberattacks in PCS are limited at present, especially when compared with the extensive body of research work on the problem of attack detection. Examples of existing contributions include the development of data-based (e.g., [8, 9]) and model-based methods (e.g., [10]) for attack isolation.

While exploiting process model knowledge for attack identification is justified in light of the increasing use of model-based controllers, the ability of model-based attack identification schemes to distinguish between attacks and other disturbances, or between different kinds of attacks, rests fundamentally on the underlying process structure captured by the process model. This structure determines the channels through which the various process inputs influence the process outputs. In this context, the selection of the control system structure has the potential to play an important role in enabling the isolation of certain attacks by capitalizing on the underlying process structure. At this stage, however, a rigorous characterization of the connection between the choice of the control system structure and the ability of an identification scheme to isolate attacks remains unexplored. The current work aims to bridge this gap.

Motivated by these considerations, we focus in the present work on the problem of attack isolation in processes subject to false-data injection attacks that manipulate the data transmitted over the controller-actuator links. We consider a model-based attack isolation scheme that utilizes a set of unknown input observers with dedicated residuals to isolate the attacks from process disturbances and distinguish different types of attacks. Conditions that guarantee attack isolation are obtained and used to establish the fundamental connection between the process and control system structures, on the one hand, and the ability of the identification scheme to isolate the attacks, on the other. This characterization serves as a foundation for the development of a screening methodology that determines whether certain attacks may or may not be isolated for a given choice of the control configuration. The proposed methodology integrates attack identification as an additional criterion in the selection of the control system configuration. The results are illustrated using a chemical process example.
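The following is an added illustration, not the authors' method or code: the abstract does not state its isolation conditions, so this sketch screens candidate sensor sets with the textbook unknown-input-observer rank condition, which is necessary only (observer detectability is not checked). The 3-state model, its matrices and all function names are constructed assumptions.

```python
from fractions import Fraction

def rank(vectors):
    """Exact rank of a list of vectors (Gaussian elimination over rationals)."""
    rows = [[Fraction(v) for v in vec] for vec in vectors]
    rk = 0
    for c in range(len(rows[0]) if rows else 0):
        piv = next((r for r in range(rk, len(rows)) if rows[r][c] != 0), None)
        if piv is None:
            continue
        rows[rk], rows[piv] = rows[piv], rows[rk]
        for r in range(rk + 1, len(rows)):
            f = rows[r][c] / rows[rk][c]
            rows[r] = [a - f * b for a, b in zip(rows[r], rows[rk])]
        rk += 1
    return rk

def through_sensors(C, v):
    """Image C*v of a state-space direction v in the measured outputs."""
    return [sum(c * x for c, x in zip(row, v)) for row in C]

def isolable_attacks(C, B_cols, E_cols):
    """Actuator channels i that pass the necessary rank screen for a dedicated UIO."""
    passed = []
    for i, b_i in enumerate(B_cols):
        # Residual i must ignore the disturbances and every other actuator attack.
        unknown = E_cols + [b for j, b in enumerate(B_cols) if j != i]
        n = len(unknown)
        decoupled = rank([through_sensors(C, v) for v in unknown]) == rank(unknown) == n
        # Attack i must not lie in the decoupled subspace, or residual i is blind to it.
        visible = rank(unknown + [b_i]) == n + 1
        if decoupled and visible:
            passed.append(i)
    return passed

# Constructed model: x' = A x + B (u + a) + E d, y = C x (A is not needed for this screen).
B_COLS = [[1, 0, 0], [0, 1, 0]]   # actuator 0 acts on x1, actuator 1 on x2
E_COLS = [[0, 1, 1]]              # disturbance acts on x2 and x3
CONFIGS = {                       # candidate sensor sets (rows of C)
    "measure x1,x2": [[1, 0, 0], [0, 1, 0]],
    "measure x1,x2,x3": [[1, 0, 0], [0, 1, 0], [0, 0, 1]],
    "measure x1": [[1, 0, 0]],
}

def screen():
    return {name: isolable_attacks(C, B_COLS, E_COLS) for name, C in CONFIGS.items()}

if __name__ == "__main__":
    for name, ok in screen().items():
        print(f"{name}: attacks passing the screen on actuators {ok}")
```

With only x1 and x2 measured, the disturbance and an attack on actuator 1 look identical at the sensors, so an attack on actuator 0 cannot be given a dedicated residual; adding the x3 measurement removes that ambiguity.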

References

[1] T. Alladi, V. Chamola, and S. Zeadally, “Industrial control systems: Cyberattack trends and countermeasures,” Computer Communications, vol. 155, pp. 1–8, 2020.

[2] N. Mtukushe, A. K. Onaolapo, A. Aluko, and D. G. Dorrell, “Review of cyberattack implementation, detection, and mitigation methods in cyber-physical systems,” Energies, vol. 16, p. 5206, 2023.

[3] S. Parker, Z. Wu, and P. D. Christofides, “Cybersecurity in process control, operations, and supply chain,” Computers & Chemical Engineering, p. 108169, 2023.

[4] D. Zhang, Q.-G. Wang, G. Feng, Y. Shi, and A. V. Vasilakos, “A survey on attack detection, estimation and control of industrial cyber–physical systems,” ISA transactions, vol. 116, pp. 1–16, 2021.

[5] S. Narasimhan, N. H. El-Farra, and M. J. Ellis, “Detectability-based controller design screening for processes under multiplicative cyberattacks,” AIChE Journal, vol. 68, no. 1, p. e17430, 2022.

[6] ——, “Active multiplicative cyberattack detection utilizing controller switching for process systems,” Journal of Process Control, vol. 116, pp. 64–79, 2022.

[7] F. Pasqualetti, F. Dörfler, and F. Bullo, “Attack detection and identification in cyber-physical systems,” IEEE transactions on automatic control, vol. 58, pp. 2715–2729, 2013.

[8] Z. Wu, F. Albalawi, J. Zhang, Z. Zhang, H. Durand, and P. D. Christofides, “Detecting and handling cyber-attacks in model predictive control of chemical processes,” Mathematics, vol. 6, no. 10, p. 173, 2018.

[9] S. Chen, Z. Wu, and P. D. Christofides, “Cyber-attack detection and resilient operation of nonlinear processes under economic model predictive control,” Computers & Chemical Engineering, vol. 136, p. 106806, 2020.

[10] M. Kordestani and M. Saif, “Observer-based attack detection and mitigation for cyber-physical systems: A review,” IEEE Systems, Man, and Cybernetics Magazine, vol. 7, pp. 35–60, 2021.