1. On Cyber Security for Networked Control Systems
- Author
-
Amin, Saurabh and Amin, Saurabh
- Abstract
The instrumentation of infrastructure systems by embedded sensors, computation, and communication networks has enabled significant advances in their management. Examples include monitoring of structural health, traffic congestion, environmental hazards, and energy usage. The use of homogeneous (especially, commercially available off-the-shelf) information technology (IT) solutions makes infrastructure systems subject to correlated hardware malfunctions and software bugs. Over the past decade, many concerns have been raised about the vulnerabilities of infrastructure systems to both random failures and security attacks. Cyber-security of Supervisory Control and Data Acquisition (SCADA) systems is especially important, because these systems are employed for sensing and control of large physical infrastructures. So far, the existing research in robust and fault-tolerant control does not account for cyber attacks on networked control system (NCS) components. Also, the existing research in computer security neither considers the attacks targeting NCS components nor accounts for their interactions with the physical system. The goal of this thesis is to bridge this gap by focusing on (1) security threat assessment, (2) model-based attack diagnosis, and (3) resilient control design. First, cyber-security assessment for SCADA systems is performed based on well-defined attacker and defender objectives. The mathematical model of SCADA systems considered in this work has two control levels: regulatory control using distributed proportional-integral (PI) controllers, and supervisory fault diagnosis based on approximate dynamical system models. The performance of a PI control based regulatory scheme and a model-based supervisory diagnostic scheme is studied under a class of deception attacks. In order to test the system resilience, a class of stealthy attacks which can evade detection by SCADA systems is presented. Second, design of attack diagnosis schemes that incorporate the k
- Published
- 2011