Henrique Oyama, Keshav Kasturi Rangan, Helen Durand
{"title":"Handling of stealthy sensor and actuator cyberattacks on evolving nonlinear process systems","authors":"Henrique Oyama, Keshav Kasturi Rangan, Helen Durand","doi":"10.1002/amp2.10099","DOIUrl":null,"url":null,"abstract":"<p>Cyberattacks on control systems in the chemical process industries cause concern regarding how they can impact finances, safety, and production levels of companies. A key practical challenge for cyberattack detection and handling using process information is that process behavior evolves over time. Conceivably, changes in process dynamics might cause some detection strategies to flag a change in the dynamics as an attack due to the new data appearing abnormal compared to data from before the dynamics changed. In this work, we utilize several case studies to probe the question of what might be the impacts, benefits, and limitations of cyberattack detection and handling policies when the process dynamics change over time. The goal of this work is to characterize, through simulation studies, characteristics, which might be desirable and undesirable in cyberattack detection and handling procedures when process evolution is inevitable. We demonstrate challenges with cyberattack detection when process dynamics change and subsequently, discuss two concepts for handling attacks—one which utilizes a two-tier detection strategy in which model reidentification is triggered when it is not clear whether an attack or a change in the process dynamics has occurred, and one in which control signals are injected at intervals by the actuators. We utilize simulations to elucidate characteristics of these strategies and demonstrate that verifiability of attack-handling methods is key to their implementation (i.e., <i>ad hoc</i> tuning has potential to leave vulnerabilities which an attacker might locate and exploit).</p>","PeriodicalId":87290,"journal":{"name":"Journal of advanced manufacturing and processing","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-06-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1002/amp2.10099","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of advanced manufacturing and processing","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/amp2.10099","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 10
Abstract
Cyberattacks on control systems in the chemical process industries cause concern regarding how they can impact finances, safety, and production levels of companies. A key practical challenge for cyberattack detection and handling using process information is that process behavior evolves over time. Conceivably, changes in process dynamics might cause some detection strategies to flag a change in the dynamics as an attack due to the new data appearing abnormal compared to data from before the dynamics changed. In this work, we utilize several case studies to probe the question of what might be the impacts, benefits, and limitations of cyberattack detection and handling policies when the process dynamics change over time. The goal of this work is to characterize, through simulation studies, characteristics, which might be desirable and undesirable in cyberattack detection and handling procedures when process evolution is inevitable. We demonstrate challenges with cyberattack detection when process dynamics change and subsequently, discuss two concepts for handling attacks—one which utilizes a two-tier detection strategy in which model reidentification is triggered when it is not clear whether an attack or a change in the process dynamics has occurred, and one in which control signals are injected at intervals by the actuators. We utilize simulations to elucidate characteristics of these strategies and demonstrate that verifiability of attack-handling methods is key to their implementation (i.e., ad hoc tuning has potential to leave vulnerabilities which an attacker might locate and exploit).