{"title":"An Integrated Security-Safety Architecture for Industrial Wireless Control System Based on Cyber-Control-Physical Cross-Domain Collaboration","authors":"Wei Liang;Sichao Zhang;Yinlong Zhang;Jialin Zhang;Xudong Yuan","doi":"10.1109/JSAC.2025.3574615","DOIUrl":null,"url":null,"abstract":"Industrial Control Systems (ICSs) are the core of industrial production. Wireless technology, with its flexibility and adaptability, is catalyzing a transformative shift from traditional ICS to the advanced Industrial Wireless Control Systems (IWCSs). However, the openness of wireless media, high dynamics of the environment, and resource scarcity present unprecedented security challenges of high security defense costs and low detection inaccuracy for IWCS. State-of-the-art methods primarily treat ICS as a typical cyber-physical system, which focuses on security issues from the cyber and control domains, rather than the physical domain. As a result, they are unable to fully address the high dynamics of wireless channels and unknown attacks, ultimately failing to meet the stringent security requirements of industrial systems. To this end, this paper proposes a physical-domain whitelist as the final line of security defense leveraging the finite nature of the physical behavior space in industrial production systems. Moreover, a holistic cross-domain security-safety architecture is introduced, drawing inspiration from the integrated cyber-control-physical collaboration. In the proposed architecture, the top-down inherent security-safety defense and bottom-up risk backtracking form a close loop, which not only prevents unknown attacks but also facilitates rapid localization and response to attacks. In the experiment, the composite AGV scheduling control has been developed to verify the effectiveness of the architecture. Ultimately, the potential challenges of the cross-domain architecture for IWCS safety-security defense have been summarized.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 9","pages":"3231-3246"},"PeriodicalIF":17.2000,"publicationDate":"2025-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/11016837/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Industrial Control Systems (ICSs) are the core of industrial production. Wireless technology, with its flexibility and adaptability, is catalyzing a transformative shift from traditional ICS to the advanced Industrial Wireless Control Systems (IWCSs). However, the openness of wireless media, high dynamics of the environment, and resource scarcity present unprecedented security challenges of high security defense costs and low detection inaccuracy for IWCS. State-of-the-art methods primarily treat ICS as a typical cyber-physical system, which focuses on security issues from the cyber and control domains, rather than the physical domain. As a result, they are unable to fully address the high dynamics of wireless channels and unknown attacks, ultimately failing to meet the stringent security requirements of industrial systems. To this end, this paper proposes a physical-domain whitelist as the final line of security defense leveraging the finite nature of the physical behavior space in industrial production systems. Moreover, a holistic cross-domain security-safety architecture is introduced, drawing inspiration from the integrated cyber-control-physical collaboration. In the proposed architecture, the top-down inherent security-safety defense and bottom-up risk backtracking form a close loop, which not only prevents unknown attacks but also facilitates rapid localization and response to attacks. In the experiment, the composite AGV scheduling control has been developed to verify the effectiveness of the architecture. Ultimately, the potential challenges of the cross-domain architecture for IWCS safety-security defense have been summarized.