Active Control-Enabled Approaches for Handling Cyberattacks on Process Control Systems

用于处理过程控制系统网络攻击的主动控制方法

• 批准号: 2137281
• 负责人: Matthew Ellis
• 金额: $ 32.47万
• 依托单位: University of California-Davis
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-06-01 至 2025-05-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2137281&HistoricalAwards=false
• 关键词: Active; Control; Enabled; Approaches; Handling

The U.S chemical industry, with manufacturing operations automated using advanced process control systems (PCSs), is a critical component of the national economy. However, the increasing reliance of PCSs on digital communications and networking technologies, together with the growth in complexity and sophistication of cyberattack techniques, have rendered industrial PCSs vulnerable to cyberattacks by malicious agents. Cyberattacks on PCSs aim to disrupt process operations, potentially resulting in adverse effects on public safety and prosperity. The traditional approach for improving cybersecurity of PCSs involves fortifying information technology (IT) systems to prevent a cyberattacker or malicious software from gaining access to the PCS network. However, IT-based cybersecurity approaches remain vulnerable, motivating methods that account for the threat of cyberattacks directly in the PCS design and operation. In this project, computational and modeling tools will be developed to design PCS-based detection methods capable of sensing the presence of cyberattacks in industrially relevant processes to enhance the resiliency and cybersecurity of PCSs. The project findings will provide fundamental insights into which cyberattacks can be detected and how detection sensitivity is linked to PCS performance. Undergraduate and graduate student researchers will be recruited to carry out the research activities, those which include simulated cyberattacks on large-scale industrial processes. Overall, the transformative impact of this project is in its creation of a cybersecurity framework that is directly integrated into PCS design considerations and subsequent operation, driving a paradigm shift in PCS cybersecurity away from treating cyberthreats to PCSs exclusively as an IT-specific problem.The increasing reliance of chemical manufacturing Process Control Systems (PCSs) on advanced communications and networking technologies and the growing sophistication of cyberattacks have rendered industrial PCSs vulnerable to attacks by malicious agents. Cyberattacks on PCSs aim to disrupt operations, destabilize processes, or cause safety incidents. Traditionally, PCS cybersecurity has been based on fortifying Information Technology (IT) systems to prevent a cyberattacker or malicious software from gaining access to the PCS network. While improving IT security will prevent some cyberattacks on PCSs, an attacker may circumvent the IT security measures over extended periods of time without the knowledge of the process operators. This fundamental limitation of IT-based cybersecurity motivates a control-based approach. In this project, active control-enabled cyberattack detection methods will be developed to signal external attacks that manipulate data communicated over the sensor-controller and controller-actuator links. The methods will incorporate cyberattack detection considerations directly in the PCS design and operation. The main research objectives of the project include a) identifying the fundamental properties of cyberattack detectability, including conditions for cyberattack detectability verification, and elucidating the role of the PCS design in cyberattack detectability, b) formulating a PCS design optimization problem that ensures detectability of cyberattacks, c) developing active cyberattack design methodologies to probe/manipulate the PCS to detect stealthy cyberattacks, and d) applying the detection methods to simulated benchmark chemical processes to demonstrate and analyze the performance of this new approach to cybersecurity. The project is expected to advance the fundamental understanding of cyberattack detectability and develop novel control-enabled software tools for cyberattack detection.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

美国化学工业是国民经济的重要组成部分，其制造操作使用先进的过程控制系统（pcs）实现自动化。然而，pc机越来越依赖于数字通信和网络技术，加上网络攻击技术的复杂性和复杂性的增长，使得工业pc机容易受到恶意代理的网络攻击。针对pc的网络攻击旨在破坏流程操作，可能对公共安全和繁荣造成不利影响。提高pc机网络安全的传统方法包括加强信息技术（IT）系统，以防止网络攻击者或恶意软件进入pc机网络。然而，基于it的网络安全方法仍然是脆弱的，激发了在pc设计和操作中直接考虑网络攻击威胁的方法。在该项目中，将开发计算和建模工具来设计基于pc的检测方法，这些方法能够感知工业相关过程中网络攻击的存在，以增强pc的弹性和网络安全。该项目的研究结果将为网络攻击的检测方式以及检测灵敏度与pc性能之间的关系提供基本见解。将招募本科生和研究生研究人员开展研究活动，其中包括模拟大规模工业过程的网络攻击。总体而言，该项目的变革性影响在于它创建了一个网络安全框架，该框架直接集成到pc的设计考虑和后续操作中，推动了pc网络安全的范式转变，不再仅仅将pc的网络威胁视为it特定问题。化学制造过程控制系统（pcs）越来越依赖于先进的通信和网络技术以及日益复杂的网络攻击，使得工业pcs容易受到恶意代理的攻击。针对pc的网络攻击旨在破坏操作、破坏流程或造成安全事故。传统上，pc网络安全是建立在强化信息技术（IT）系统的基础上，以防止网络攻击者或恶意软件进入pc网络。虽然改善资讯科技保安可防止个别电脑保安设施受到网络攻击，但攻击者可能会在过程操作员不知情的情况下，在较长时间内绕过资讯科技保安措施。基于it的网络安全的这一基本限制激发了基于控制的方法。在本项目中，将开发主动控制网络攻击检测方法，以信号外部攻击，操纵通过传感器-控制器和控制器-执行器链接通信的数据。这些方法将直接将网络攻击检测考虑纳入PCS设计和操作中。该项目的主要研究目标包括：a)确定网络攻击可检测性的基本属性，包括网络攻击可检测性验证的条件，并阐明PCS设计在网络攻击可检测性中的作用；b)制定确保网络攻击可检测性的PCS设计优化问题；c)开发主动网络攻击设计方法，探测/操纵PCS以检测隐形网络攻击。d)将检测方法应用于模拟基准化学过程，以演示和分析这种网络安全新方法的性能。该项目预计将推进对网络攻击可检测性的基本理解，并开发用于网络攻击检测的新型控制软件工具。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

A control‐switching approach for cyberattack detection in process systems with minimal false alarms

一种用于过程系统中网络攻击检测的控制切换方法，可最大限度地减少误报

• DOI: 10.1002/aic.17875
• 发表时间: 2022
• 期刊: AIChE Journal
• 影响因子: 3.7
• 作者: Narasimhan, Shilpa;El‐Farra, Nael H.;Ellis, Matthew J.
• 通讯作者: Ellis, Matthew J.

Active multiplicative cyberattack detection utilizing controller switching for process systems

• DOI: 10.1016/j.jprocont.2022.05.014
• 发表时间: 2022-08
• 期刊: Journal of Process Control
• 影响因子: 4.2
• 作者: Shilpa Narasimhan;N. El‐Farra;M. Ellis

Controller Switching-Enabled Active Detection of Multiplicative Cyberattacks on Process Control Systems

• DOI: 10.23919/acc53348.2022.9867804
• 发表时间: 2022-06
• 期刊: 2022 American Control Conference (ACC)
• 作者: Shilpa Narasimhan;N. El‐Farra;Matthew J. Ellis

A reachable set-based scheme for the detection of false data injection cyberattacks on dynamic processes

一种基于可达集的方案，用于检测动态过程中的虚假数据注入网络攻击

• DOI: 10.1016/j.dche.2023.100100
• 发表时间: 2023
• 期刊: Digital Chemical Engineering
• 作者: Narasimhan, Shilpa;El-Farra, Nael H.;Ellis, Matthew J.
• 通讯作者: Ellis, Matthew J.

Cyberattack detectability-based controller screening: Application to a nonlinear process

基于网络攻击可检测性的控制器筛选：在非线性过程中的应用

• 发表时间: 2022
• 期刊: 14th International Symposium on Process Systems Engineering
• 作者: Narasimhan, S.;El-Farra, N. H.;Ellis, M. J.
• 通讯作者: Ellis, M. J.