2019 AIChE Annual Meeting

(452e) On the Intersection of Process/Equipment Design and Control System Cybersecurity

Author

Durand, H. - Presenter, Wayne State University
Cybersecurity of process control systems is an emerging research direction in the chemical process control literature. Though a number of works have looked at ways to combat cyberattacks on industrial control systems (e.g., through detection methods and subsequent strategies which modify signals in a control loop to revert to those which are not compromised by an attack [1,2]), an open research topic in process control system cybersecurity is developing a theoretical framework in which such attacks can be understood. Our recent work [3] demonstrated that for processes described by systems of nonlinear ordinary differential equations, the most general definition of a cyberattack is a condition in which any input within the input bounds can be applied to the process, regardless of the process state. Because the input does not necessarily have a relationship to the state under a cyberattack, these attacks may be difficult to handle with control designs that lack detection mechanisms capable of reliably identifying the attacks before they become problematic.

Motivated by the above considerations, we take an alternative perspective to handling cybersecurity through process control, and instead investigate the manner in which process designs contribute to safety concerns under cyberattacks. Specifically, inspired by the fact that safety relief valves [4] are a mechanical means for preventing unexpected incidents by changing the process dynamics, we explore the manner in which process dynamics and input bounds are related to the extent to which an attack can succeed. We also explore the concept that an attacker could attempt to cause equipment failure during a cyberattack, including failure of equipment downstream of the equipment that the attacked actuators directly impact. We explore how modeling of equipment behavior under dynamic process conditions (through equations which describe, for example, stress and strain) may aid in better understanding how cyberattacks can create problematic operating conditions.
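The relationship between process dynamics, input bounds and how far an attack can push the state can be illustrated with a worst-case envelope calculation. The following is an added example, not taken from this abstract or the cited works: the scalar tank model, the relief term, the unsafe threshold and all numerical values are constructed assumptions chosen only for illustration.

```python
import math

def worst_case(f, x0, u_min, u_max, x_unsafe, t_end=30.0, dt=0.01, n_u=21):
    """Upper envelope of a scalar state when the input ignores the state.

    At each Euler step the input is picked from a grid over [u_min, u_max]
    to maximise dx/dt; for a scalar ODE this greedy choice bounds every
    other input sequence within the same bounds from above.
    Returns (peak state, first time x >= x_unsafe, or None if never).
    """
    grid = [u_min + i * (u_max - u_min) / (n_u - 1) for i in range(n_u)]
    x, peak, t_cross = x0, x0, None
    for step in range(int(t_end / dt)):
        x += dt * max(f(x, u) for u in grid)
        peak = max(peak, x)
        if t_cross is None and x >= x_unsafe:
            t_cross = (step + 1) * dt
    return peak, t_cross

# Constructed toy process: tank holdup x, inlet flow u, outflow ~ sqrt(x).
K_OUT, K_RELIEF, X_SET = 1.0, 5.0, 2.0

def tank(x, u):
    return u - K_OUT * math.sqrt(max(x, 0.0))

def tank_with_relief(x, u):
    # Relief path opens above X_SET and changes the dynamics mechanically,
    # independent of any control signal.
    return tank(x, u) - K_RELIEF * max(0.0, x - X_SET)

def compare_designs(x0=1.0, x_unsafe=3.0):
    """Same initial state and threshold, three design choices."""
    return {
        "baseline": worst_case(tank, x0, 0.0, 2.0, x_unsafe),
        "tighter input bound": worst_case(tank, x0, 0.0, 1.5, x_unsafe),
        "relief path": worst_case(tank_with_relief, x0, 0.0, 2.0, x_unsafe),
    }

if __name__ == "__main__":
    for name, (peak, t_cross) in compare_designs().items():
        status = "never" if t_cross is None else f"t = {t_cross:.2f}"
        print(f"{name:20s} peak x = {peak:.3f}, unsafe threshold reached: {status}")
```

In this toy model only the baseline design lets the worst-case input drive the state past the threshold; narrowing the actuator range or adding the relief path keeps the envelope below it without relying on attack detection.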

[1] Z. Wu, F. Albalawi, J. Zhang, Z. Zhang, H. Durand and P. D. Christofides, “Detecting and Handling Cyber-Attacks in Model Predictive Control of Chemical Processes,” Mathematics, 6, 173, 22 pages, 2018.

[2] A. A. Cárdenas, S. Amin, Z.-S. Lin, Y.-L. Huang, C.-Y. Huang and S. Sastry, “Attacks against process control systems: Risk assessment, detection, and response,” In Proceedings of the ACM Asia Conference on Computer & Communications Security, Hong Kong, China, 2011.

[3] H. Durand, “A Nonlinear Systems Framework for Cyberattack Prevention for Chemical Process Control Systems,” Mathematics, 6, 169, 44 pages, 2018.

[4] T. Marlin, “Operability in Process Design: Achieving Safe, Profitable, and Robust Process Operations.” McMaster University, Ontario, Canada, 2012.