EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

An integrated cyber-physical framework for worst-case attacks in industrial control systems

Navid Aftabi, Dan Li and Thomas C. Sharkey

IISE Transactions, 2025, vol. 57, issue 12, 1464-1482

Abstract: Industrial Control Systems (ICSs) are widely used in critical infrastructures that face various cyberattacks causing physical damage. With the increasing integration of the ICSs and information technology (IT), ensuring the security of ICSs is of paramount importance. In an ICS, cyberattacks exploit vulnerabilities to compromise sensors and controllers, aiming to cause physical damage. Maliciously accessing different components poses varying risks, highlighting the importance of identifying worst-case cyberattacks. This aids in designing effective detection schemes and mitigation strategies. This article proposes an optimization framework that integrates cyber and physical systems of ICSs to identify the worst-case attack. The framework models cyberattacks with varying resources by (i) maximizing physical impact in terms of time to failure of the physical system, (ii) quickly accessing the sensors and controllers in the cyber system while exploiting limited vulnerabilities, (iii) avoiding detection in the physical system, and (iv) complying with the cyber and physical restrictions. These objectives enable us to model the interactions between the cyber and physical systems jointly and study the critical cyberattacks that cause the highest impact on the physical system under certain resource constraints. Our framework serves as a tool to understand the critical vulnerabilities of an ICS by holistically considering the interactions between cyber and physical systems. It also assesses the robustness of existing detection schemes and mitigation strategies by generating worst-case attack strategies. We illustrate and verify the effectiveness of our proposed method in both a numerical and a case study. The results show that a worst-case strategic attacker causes almost 19% further acceleration in the time to failure of the physical system while remaining undetected compared with a random attacker. Moreover, by considering the interactions and interdependencies between cyber and physical systems, our framework identifies worst-case attacks that reveal critical vulnerabilities and deficiencies in existing detection schemes, which can remain hidden when the two layers are analyzed separately.

Date: 2025
References: Add references at CitEc
Citations:

Downloads: (external link)
http://hdl.handle.net/10.1080/24725854.2024.2439856 (text/html)
Access to full text is restricted to subscribers.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:taf:uiiexx:v:57:y:2025:i:12:p:1464-1482

Ordering information: This journal article can be ordered from
http://www.tandfonline.com/pricing/journal/uiie20

DOI: 10.1080/24725854.2024.2439856

Access Statistics for this article

IISE Transactions is currently edited by Jianjun Shi

More articles in IISE Transactions from Taylor & Francis Journals
Bibliographic data for series maintained by Chris Longhurst ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-10-07
Handle: RePEc:taf:uiiexx:v:57:y:2025:i:12:p:1464-1482