Context:

This paper is motivated by the need to improve the resilience of industrial control systems. Many control systems currently operating in the industry were designed and implemented before the boom in communications (wired and wireless networks) within industrial control systems. However, nowadays, they operate connected to the communications network. This increase in connectivity has made these systems susceptible to cyber-attacks that seek to deteriorate the proper operation of the control loop, even when affecting only one sensor.

Method:

Concepts from fault tolerant control and classic control theory are used to show that it is possible to reconstruct the system state without (any) one of the system outputs. This is employed in the control action signal recalculation through an algorithm of attack detection and isolation, in order to prevent an attack being from fed back to the system, mitigating its effect. This work shows the effectiveness of our proposal with simulations on a four tanks testbed using Matlab and Simulink.

Results:

This work demonstrates that a bank of unknown input observers can be designed to recover true information from attacked sensors, i.e., the information without the effect of the attack. Therefore, the estimate obtained from said observers can be utilized for computing a control action that mitigates the effect of the attack.

Conclusions:

This mitigation prevents a single sensor attack from significantly impairing the action of low-level controllers, improving the resilience of the system by only modifying the digital controller architecture. This development is limited to cyber-attacks on system sensors happening one at a time, which can still seriously compromise the system behavior. Future work will address the extension of the results to situations with simultaneous attacks on more than one sensor and/or consider attacks on the control system actuators.

        · resumo em Espanhol     · texto em Inglês     · Inglês ( pdf )