(196c) Control Mode Selection for Switching-Enabled Cyberattack Detection | AIChE

Authors 

El-Farra, N., University of California, Davis
Ellis, M., University of California, Davis

Process control systems (PCSs) are industrial control systems that operate chemical manufacturing processes and have been targets for several sophisticated cyberattacks [1], leading to a focus on enhancing their cybersecurity [2]. PCS designs for cybersecurity consider the scenario in which a malicious agent can alter operational data or control logic after successfully circumventing information technology-based cybersecurity protections (e.g., firewalls). Several approaches have been presented for cybersecure PCS design [3]-[11], including attack detection schemes to determine the presence of an attack (e.g., [3], [9]-[11]) and attack identification and mitigation strategies (e.g., [7]). A cyberattack detection scheme detects an attack on the process based on anomalous behavior of measured variables.

Control parameters may influence the ability of a detection scheme to detect an attack [8]. The control mode that a process is operated under for extended periods may be designed to use control parameters that ensure that the closed-loop performance requirements are met. Under this mode, called the nominal control mode, some attacks may not be detectable, and for their detection, the process may need to be operated under alternative control modes. Alternative control modes may be selected to ensure attack detection and may not meet the closed-loop performance requirements for the process. To manage a potential tradeoff between attack detection and performance requirements, the control mode may be switched occasionally to an alternative control mode. Control mode switching may excite process dynamics and induce transient behavior in a process operated under steady-state conditions (when the process states evolve within a neighborhood of the steady state and the monitoring variable evolves within a terminal set). Transient behavior may trigger undesirable false alarms in a terminal set-based detection scheme [9], [10]. Since reachable sets of the attack-free process track the evolution of the monitoring variable, a reachable set-based attack detection scheme [11] is utilized to monitor the switched process for attacks while ensuring zero false alarms from switching. An attack is detected if the monitoring variable is not contained within the attack-free reachable set.

This work presents strategies for selecting alternative control modes for switching-enabled cyberattack detection using the reachable set-based detection scheme. Several strategies are presented and compared. The first strategy ensures that the terminal set of the monitoring variable under the alternative mode is larger than the terminal set under the nominal control mode. The second strategy is to use an alternative control mode under which an attack on the process destabilizes it [9], [10]. Finally, the third strategy involves selecting control parameters such that the reachable sets of the attacked and the attack-free processes do not intersect at some time step, enabling attack detection. To ensure the detection of a wide range of attacks, different control modes are used over the length of the operation. Using an illustrative process example, the selection and implementation of each alternative control mode to enable the detection of attacks with zero false alarms is demonstrated.
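The detection logic described above, as an added illustration that is not taken from the abstract or the authors' papers: a constructed scalar process with a bounded disturbance, in which a multiplicative sensor attack stays inside the attack-free reachable interval under the nominal gain but leaves it after a switch to an alternative gain under which the attacked loop is unstable. The process model, gains, attack factor, disturbance and switch time are all assumptions chosen for the example.

```python
# Constructed example (assumed model, not the authors'): x+ = a*x + b*u + w, |w| <= W_BAR,
# feedback u = -K*y, and a multiplicative sensor attack that reports y = ALPHA*x.
A_OL, B, W_BAR = 1.5, 1.0, 1.0
K_NOMINAL, K_ALTERNATIVE = 1.8, 0.7   # attack-free closed-loop poles: -0.3 and 0.8
ALPHA = 0.5                           # assumed attack: measurement scaled by 0.5
K_SWITCH, HORIZON = 20, 40            # switch step and run length (assumed)


def closed_loop_pole(gain, alpha=1.0):
    """Pole of x+ = (a - b*K*alpha)*x + w; alpha = 1.0 means no attack."""
    return A_OL - B * gain * alpha


def terminal_radius(gain):
    """Attack-free terminal interval |y| <= W_BAR / (1 - |pole|) for a stable mode."""
    return W_BAR / (1.0 - abs(closed_loop_pole(gain)))


def first_alarm(switch, alpha, w=0.9 * W_BAR):
    """Run the loop under a constant disturbance w; return the first step at which
    the monitoring variable y leaves the attack-free reachable interval, else None."""
    x = 0.0
    radius = terminal_radius(K_NOMINAL)   # detector starts from steady-state operation
    for k in range(HORIZON):
        if abs(alpha * x) > radius:       # y_k outside the attack-free reachable set
            return k
        gain = K_ALTERNATIVE if (switch and k >= K_SWITCH) else K_NOMINAL
        # True process: the attack changes the effective feedback gain to K*alpha.
        x = closed_loop_pole(gain, alpha) * x + w
        # Detector: propagate the attack-free interval through the active mode, so the
        # transient caused by switching is inside the set and raises no false alarm.
        radius = abs(closed_loop_pole(gain)) * radius + W_BAR
    return None


if __name__ == "__main__":
    print("nominal mode only, attacked :", first_alarm(switch=False, alpha=ALPHA))
    print("switched, attack-free       :", first_alarm(switch=True, alpha=1.0))
    print("switched, attacked          :", first_alarm(switch=True, alpha=ALPHA))
```

With these constructed numbers the alternative mode has the larger terminal set (first strategy) and the attacked loop under it has a pole outside the unit circle (second strategy), which is what drives the monitoring variable out of the reachable interval a few steps after the switch.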

References:

[1] T. Miller, A. Staves, S. Maesschalck, M. Sturdee, and B. Green, “Looking back to look forward: Lessons learnt from cyber-attacks on industrial control systems,” International Journal of Critical Infrastructure Protection, volume 35, pp. 100464, 2021.

[2] M. S. Mahmoud, M. M. Hamdan, and U. A. Baroudi, “Modeling and control of Cyber-Physical Systems subject to cyber attacks: A survey of recent advances and challenges,” Neurocomputing, volume 338, pp. 101-115, 2019.

[3] D. Zhang, Q. G. Wang, G. Feng, Y. Shi, and A. V. Vasilakos, “A survey on attack detection, estimation and control of industrial cyber–physical systems,” ISA Transactions, volume 116, pp. 1-16, 2021.

[5] S. Parker, Z. Wu, and P. D. Christofides, “Cybersecurity in process control, operations, and supply chain,” Computers & Chemical Engineering, volume 171, pp. 108169, 2023.

[6] K. Neiman, D. Messina, M. Wegener, and H. Durand, “Cybersecurity and dynamic operation in practice: Equipment impacts and safety guarantees,” Journal of Loss Prevention in the Process Industries, volume 81, pp. 104898, 2023.

[7] A. Zedan and N. H. El-Farra, “A machine-learning approach for identification and mitigation of cyberattacks in networked process control systems,” Chemical Engineering Research and Design, volume 176, pp. 102-115, 2021.

[8] S. Narasimhan, N. H. El-Farra, and M. J. Ellis, “Detectability-based controller design screening for processes under multiplicative cyberattacks,” AIChE Journal, volume 68, pp. e17430, 2022.

[9] S. Narasimhan, N. H. El-Farra, and M. J. Ellis, “Active multiplicative cyberattack detection utilizing controller switching for process systems,” Journal of Process Control, volume 116, pp. 64-72, 2022.

[10] S. Narasimhan, N. H. El-Farra, and M. J. Ellis, “A control‐switching approach for cyberattack detection in process systems with minimal false alarms,” AIChE Journal, volume 68, pp. e17875, 2022.

[11] S. Narasimhan, N. H. El-Farra, and M. J. Ellis, “A reachable set-based cyberattack detection scheme for dynamic processes,” Proceedings of the American Control Conference, In Press, 2023.