Integrated Approach to Diagnostics of Failures and Cyber-Attacks in Industrial Control Systems
Michał Syfert,
Andrzej Ordys,
Jan Maciej Kościelny,
Paweł Wnuk,
Jakub Możaryn and
Krzysztof Kukiełka
Additional contact information
Michał Syfert: Institute of Automatic Control and Robotics, Faculty of Mechatronics, Warsaw University of Technology, ul. Św. A. Boboli 8, 02-525 Warsaw, Poland
Andrzej Ordys: Institute of Automatic Control and Robotics, Faculty of Mechatronics, Warsaw University of Technology, ul. Św. A. Boboli 8, 02-525 Warsaw, Poland
Jan Maciej Kościelny: Institute of Automatic Control and Robotics, Faculty of Mechatronics, Warsaw University of Technology, ul. Św. A. Boboli 8, 02-525 Warsaw, Poland
Paweł Wnuk: Institute of Automatic Control and Robotics, Faculty of Mechatronics, Warsaw University of Technology, ul. Św. A. Boboli 8, 02-525 Warsaw, Poland
Jakub Możaryn: Institute of Automatic Control and Robotics, Faculty of Mechatronics, Warsaw University of Technology, ul. Św. A. Boboli 8, 02-525 Warsaw, Poland
Krzysztof Kukiełka: Institute of Automatic Control and Robotics, Faculty of Mechatronics, Warsaw University of Technology, ul. Św. A. Boboli 8, 02-525 Warsaw, Poland
Energies, 2022, vol. 15, issue 17, 1-24
Abstract:
This paper is concerned with the diagnostics of process faults and the detection of cyber-attacks in industrial control systems. This problem is of significant importance to energy production and distribution, which, being part of critical infrastructure, is usually equipped with process diagnostics and, at the same time, is often subject to cyber-attacks. A commonly used approach is to separate the two types of anomalies: the detection of process faults is handled by a control team, often with the help of dedicated diagnostic tools, whereas the detection of cyber-attacks is handled by an information technology team. In this article, it is postulated that the two can be usefully merged into one comprehensive anomaly detection system. For this purpose, firstly, the main types of cyber-attacks and the main methods of detecting cyber-attacks are reviewed. Subsequently, by analogy to “process fault”, a term well established in process diagnostics, the term “cyber-fault” is introduced. Within this context, a cyber-attack is considered as a vector containing a number of cyber-faults. Next, it is explained how methods used in process diagnostics for fault detection and isolation can be applied to the detection of cyber-attacks and, in some cases, also to the isolation of the components of such attacks, i.e., cyber-faults. A laboratory stand and a simulator have been developed to test the proposed approach. Some test results are presented, demonstrating that, similarly to equipment/process faults, residua can be established and cyber-faults can be identified based on the mismatch between the real data from the system and the outputs of the simulation model.
Keywords: failure detection; cyber-attack detection; cyber-attacks isolation
JEL-codes: Q Q0 Q4 Q40 Q41 Q42 Q43 Q47 Q48 Q49
Date: 2022
Downloads:
https://www.mdpi.com/1996-1073/15/17/6212/pdf (application/pdf)
https://www.mdpi.com/1996-1073/15/17/6212/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jeners:v:15:y:2022:i:17:p:6212-:d:898530
Energies is currently edited by Ms. Agatha Cao
Bibliographic data for series maintained by MDPI Indexing Manager.