Ensuring cyber-resilience in PCSs necessitates the development of attack isolation schemes capable of pinpointing the compromised components, such as the targeted sensor-controller or controller-actuator links, to enable the implementation of mitigation strategies [5]. Model-based observer banks have emerged as a widely studied approach for attack isolation [4]. In these methods, dedicated residual vectors—defined as the difference between actual measurements and observer-estimated measurements—serve as key monitoring variables for identifying compromised components. Notable examples of such approaches include Luenberger observer-based methods (e.g., [6, 7]) and unknown input observers (UIOs) (e.g., [8, 9, 10]).
The effectiveness of these attack isolation schemes is inherently influenced by the underlying control structure, which determines the set of manipulated inputs and available measurements. Despite the growing importance of cyber-resilience, the integration of attack isolation capability as a criterion in control structure selection remains largely unexplored. In a previous work [11], we addressed this gap by characterizing this relationship for a UIO-based isolation scheme and developing a screening algorithm to assess its ability to isolate cyberattacks from one another. The ability of the screening algorithm to assess the attack isolation potential of different control structures, however, may be limited in the presence of persistent process disturbances which typically characterize practical process operations. In such cases, cyberattacks may remain masked within the common-cause variability emerging from the process disturbances [12]. Therefore, distinguishing between cyberattacks and process disturbances becomes critical.
To overcome this limitation, this work incorporates robust attack isolation as a fundamental criterion in control system structure selection. We consider a broad class of cyberattacks that alter the data transmitted over controller-actuator links and employ an attack isolation scheme based on a bank of UIOs with dedicated residuals. For this scheme, we formally characterize a control structure’s ability to distinguish cyberattacks from one another as well as from process disturbances. To quantify this capability, we introduce a robust attack isolation metric (RAIM). RAIM captures the number of controller-actuator links that can be decoupled from all the other links and from the disturbances. This metric forms the basis for a modified screening algorithm that facilitates the systematic evaluation of control system configurations in terms of their robust attack isolation potential. Furthermore, we develop a disturbance screening algorithm to characterize the maximum number of disturbances that can be decoupled within the robust attack isolation scheme. The outcome of this screening algorithm aids in providing sufficient conditions for ensuring robust attack isolation. The results are illustrated through an application to a simulated chemical process, demonstrating the effectiveness of the proposed methodology in enhancing PCS cyber-resilience.
References
[1] T. Alladi, V. Chamola, and S. Zeadally, “Industrial control systems: Cyberattack trends and countermeasures,” Computer Communications, vol. 155, pp. 1–8, 2020.
[2] S. Parker, Z. Wu, and P. D. Christofides, “Cybersecurity in process control, operations, and supply chain,” Computers & Chemical Engineering, p. 108169, 2023.
[3] J. Bergal, “Florida hack exposes danger to water systems,” 2021, accessed on March 31, 2025. [Online]. Available: https://stateline.org/2021/03/10/florida-hack-exposes-danger-to-water-systems
[4] M. Kordestani and M. Saif, “Observer-based attack detection and mitigation for cyberphysical systems: A review,” IEEE Systems, Man, and Cybernetics Magazine, vol. 7, pp. 35–60, 2021.
[5] D. Zhang, Q.-G. Wang, G. Feng, Y. Shi, and A. V. Vasilakos, “A survey on attack detection, estimation and control of industrial cyber–physical systems,” ISA Transactions, vol. 116, pp. 1–16, 2021.
[6] X. Wang, X. Luo, and X. Guan, “Unknown cyber attack detection and isolation for power systems via Luenberger observer,” in Proceedings of the International Conference on Information, Cybernetics and Computational Social Systems. Dalian, China: IEEE, July 2017, pp. 673–678.
[7] A. J. Gallo, F. Boem, and T. Parisini, “Distributed cyber-attack isolation for large-scale interconnected systems,” in Proceedings of the European Control Conference, Virtual Conference, July 2021, pp. 48–53.
[8] L. N. Lemma, S.-H. Kim, and H.-L. Choi, “An unknown-input-observer based approach for cyber attack detection in formation flying UAVs,” in Proceedings of AIAA Infotech@Aerospace Conference, San Diego, CA, Jan 2016. doi: 10.2514/6.2016-0916.
[9] X. Luo, X. Wang, X. Pan, and X. Guan, “Detection and isolation of false data injection attack for smart grids via unknown input observers,” IET Generation, Transmission & Distribution, vol. 13, no. 8, pp. 1277–1286, 2019.
[10] X. Wang, X. Luo, M. Zhang, Z. Jiang, and X. Guan, “Detection and isolation of false data injection attacks in smart grid via unknown input interval observer,” IEEE Internet of Things Journal, vol. 7, pp. 3214–3229, 2020.
[11] A. Gajjar, M. J. Ellis, and N. H. El-Farra, “Cyberattack-aware control structure screening for controller-actuator false data injection attack isolation,” in Proceedings of the American Control Conference, Denver, CO, USA, July 2025, In Press.
[12] S. Narasimhan, N. H. El-Farra, and M. J. Ellis, “Detectability-based controller design screening for processes under multiplicative cyberattacks,” AIChE Journal, vol. 68, no. 1, p. e17430, 2022.