Process/Equipment Design Implications for Control System Cybersecurity

An emerging challenge for process safety is process control system cybersecurity. An attacker could gain control of the process actuators through the control system or communication policies within control loops and potentially drive the process state to unsafe conditions. Cybersecurity has traditionally been handled as an information technology (IT) problem in the process industries. In the literature for cybersecurity specifically of control systems, there has been work aimed at developing control designs that seek to fight cyberattacks by either giving the system appropriate response mechanisms once attacks are detected or seeking to make the attacks difficult to perform. In this work, we begin an exploration into the implications of process and equipment design for enhancing the ability of chemical processes to maintain safe operation during cyberattacks on the process control systems

Perspectives on Design Considerations Inspired by Security and Quantum Technology in Cyberphysical Systems for Process Engineering

Advances in computer science have been a driving force for change in process systems engineering for decades. Faster computers, expanded computing resources, simulation software, and improved optimization algorithms have all changed chemical engineers’ abilities to predict, control, and optimize process systems. Two newer areas relevant to computer science that are impacting process systems engineering are cybersecurity and quantum computing. This work reviews some of our group’s recent work in control-theoretic approaches to control system cybersecurity and touches upon the use of quantum computers, with perspectives on the relationships between process design and control when cybersecurity and quantum technologies are of interest

Military and Security Applications: Cybersecurity (Encyclopedia of Optimization, Third Edition)

The domain of cybersecurity is growing as part of broader military and security applications, and the capabilities and processes in this realm have qualities and characteristics that warrant using solution methods in mathematical optimization. Problems of interest may involve continuous or discrete variables, a convex or non-convex decision space, differing levels of uncertainty, and constrained or unconstrained frameworks. Cyberattacks, for example, can be modeled using hierarchical threat structures and may involve decision strategies from both an organization or individual and the adversary. Network traffic flow, intrusion detection and prevention systems, interconnected human-machine interfaces, and automated systems – these all require higher levels of complexity in mathematical optimization modeling and analysis. Attributes such as cyber resiliency, network adaptability, security capability, and information technology flexibility – these require the measurement of multiple characteristics, many of which may involve both quantitative and qualitative interpretations. And for nearly every organization that is invested in some cybersecurity practice, decisions must be made that involve the competing objectives of cost, risk, and performance. As such, mathematical optimization has been widely used and accepted to model important and complex decision problems, providing analytical evidence for helping drive decision outcomes in cybersecurity applications. In the paragraphs that follow, this chapter highlights some of the recent mathematical optimization research in the body of knowledge applied to the cybersecurity space. The subsequent literature discussed fits within a broader cybersecurity domain taxonomy considering the categories of analyze, collect and operate, investigate, operate and maintain, oversee and govern, protect and defend, and securely provision. Further, the paragraphs are structured around generalized mathematical optimization categories to provide a lens to summarize the existing literature, including uncertainty (stochastic programming, robust optimization, etc.), discrete (integer programming, multiobjective, etc.), continuous-unconstrained (nonlinear least squares, etc.), continuous-constrained (global optimization, etc.), and continuous-constrained (nonlinear programming, network optimization, linear programming, etc.). At the conclusion of this chapter, research implications and extensions are offered to the reader that desires to pursue further mathematical optimization research for cybersecurity within a broader military and security applications context

Integrated Cyberattack Detection and Resilient Control Strategies using Lyapunov-Based Economic Model Predictive Control

The use of an integrated system framework, characterized by numerous cyber/physical components (sensor measurements, signals to actuators) connected through wired/wireless networks, has not only increased the ability to control industrial systems, but also the vulnerabilities to cyberattacks. State measurement cyberattacks could pose threats to process control systems since feedback control may be lost if the attack policy is not thwarted. Motivated by this, we propose three detection concepts based on Lyapunov‐based economic model predictive control (LEMPC) for nonlinear systems. The first approach utilizes randomized modifications to an LEMPC formulation online to potentially detect cyberattacks. The second method detects attacks when a threshold on the difference between state measurements and state predictions is exceeded. Finally, the third strategy utilizes redundant state estimators to flag deviations from “normal” process behavior as cyberattacks

A Deep Learning-Based Cyberattack Detection System for Transmission Protective Relays

The digitalization of power systems over the past decade has made the cybersecurity of substations a top priority for regulatory agencies and utilities. Proprietary communication protocols are being increasingly replaced by standardized and interoperable protocols providing utility operators with remote access and control capabilities at the expense of growing cyberattack risks. In particular, the potential of supply chain cyberattacks is on the rise in industrial control systems. In this environment, there is a pressing need for the development of cyberattack detection systems for substations and in particular protective relays, a critical component of substation operation. This paper presents a deep learning-based cyberattack detection system for transmission line protective relays. The proposed cyberattack detection system is first trained with current and voltage measurements representing various types of faults on the transmission lines. The cyberattack detection system is then employed to detect current and voltage measurements that are maliciously injected by an attacker to trigger the transmission line protective relays. The proposed cyberattack detection system is evaluated under a variety of cyberattack scenarios. The results demonstrate that a universal architecture can be designed for the deep learning-based cyberattack detection systems in substations

Cybersecurity Enhancement of Transformer Differential Protection Using Machine Learning

The growing use of information and communication technologies (ICT) in power grid operational environments has been essential for operators to improve the monitoring, maintenance and control of power generation, transmission and distribution, however, at the expense of an increased grid exposure to cyber threats. This paper considers cyberattack scenarios targeting substation protective relays that can form the most critical ingredient for the protection of power systems against abnormal conditions. Disrupting the relays operations may yield major consequences on the overall power grid performance possibly leading to widespread blackouts. We investigate methods for the enhancement of substation cybersecurity by leveraging the potential of machine learning for the detection of transformer differential protective relays anomalous behavior. The proposed method analyses operational technology (OT) data obtained from the substation current transformers (CTs) in order to detect cyberattacks. Power systems simulation using OPAL-RT HYPERSIM is used to generate training data sets, to simulate the cyberattacks and to assess the cybersecurity enhancement capability of the proposed machine learning algorithms

Cyber-physical Systems (CPS) Security: State of the Art and Research Opportunities for Information Systems Academics

Attacks on cyber-physical systems (CPS) continue to grow in frequency. However, cybersecurity academics and practitioners have so far focused primarily on computer systems and networks rather than CPS. Given the alarming frequency with which cybercriminals attack CPS and the unique cyber-physical relationship in CPS, we propose that CPS security needs go beyond what purely computer and network security requires. Thus, we require more focused research on cybersecurity based on the cyber-physical relationship between various CPS components. In this paper, we stock of the current state of CPS security and identify research opportunities for information systems (IS) academics

False Data Injection Attacks Against Synchronization Systems in Microgrids

Synchronization systems play a vital role in the day-to-day operation of power systems and their restoration after cascading failures. Hence, their resilience to cyberattacks is imperative. In this paper, we demonstrate that a well-planned false data injection attack against the synchronization system of a generator is capable of causing tripping subsequently leading to instability and blackout. We present an analytical framework behind the design and implementation of the proposed cyberattack. Moreover, we derive and discuss the conditions for which a cyberattack interfering with a synchronizing signal can be successful. Effective physical mitigation strategies are then proposed to improve the cyber-resilience of synchronization systems. The proposed cyberattack model and mitigation strategies are verified for a microgrid test system using an OPAL-RT real-time simulator