The coming decades may see the large-scale deployment of networked cyber-physical systems to address global needs in areas such as energy, water, health care, and transportation. However, as recent events have shown, such systems are vulnerable to cyber attacks. Being safety critical, their disruption or misbehavior can cause economic losses or injuries and loss of life. It is therefore important to secure such networked cyber-physical systems against attacks. In the absence of credible security guarantees, there will be resistance to the proliferation of cyber-physical systems, which are much needed to meet global needs in critical infrastructures and services. This paper addresses the problem of secure control of networked cyber-physical systems. This problem is different from the problem of securing the communication network, since cyber-physical systems at their very essence need sensors and actuators that interface with the physical plant, and malicious agents may tamper with sensors or actuators, as recent attacks have shown. We consider physical plants that are being controlled by multiple actuators and sensors communicating over a network, where some sensors could be "malicious," meaning that they may not report the measurements that they observe. We address a general technique by which the actuators can detect the actions of malicious sensors in the system and disable closed-loop control based on their information. This technique, called "watermarking," employs the technique of actuators injecting private excitation into the system, which will reveal malicious tampering with signals. We show how such an active defense can be used to secure networked systems of sensors and actuators.
Safety and security have traditionally been distinct problems in engineering and computer science. The introduction of computing elements to create cyber-physical systems (CPSs) has opened up a vast new range of potential problems that do not always show up on the radar of traditional engineers. Security, in contrast, is traditionally viewed as a data or communications security problem to be handled by computer scientists and/or computer engineers. Advances in CPSs and the Internet-of-Things (IoT) require us to take a unified view of safety and security. This paper defines a safety/security threat model for CPSs and IoT systems and surveys emerging techniques which improve the safety and security of CPSs and IoT systems.
This article investigates the finite-time secure filter design of fuzzy switched cyber-physical systems equipped with a resource-constraint network that may undergo false data injection attacks (FDIAs). To strike a higher level balance between the resource consumption and filtering performance, a multidomain probabilistic event-triggered mechanism (MDPETM) is initially developed. And the mode mismatched phenomenon between the filter and the system is characterized through a delayed switching signal. Based on the MDPETM and a virtual delay partitioning approach, fuzzy mismatched secure filters are first devised whose modes could differ from the system. Then, filter-mode-dependent Lyapunov functionals are created to obtain new sufficient criteria such that the filtering error achieves finite-time boundedness with extended dissipativity subject to admissible FDIAs. The filter gains are obtained by solving a set of convex optimization problems. Finally, an application-oriented example is employed to test the effectiveness and advantages of the proposed results.
The digital twin (DT) is a virtual representation of a physical object, which has been proposed as one of the key concepts for Industry 4.0. The DT provides a virtual representation of products along their lifecycle that enables the prediction and optimization of the behavior of a production system and its components. A methodology design using model-driven engineering (MDE) is proposed that strives toward being both flexible and generic. This approach is presented at two levels: first, a DT is modeled as a composition of basic components that provide basic functionalities, such as identification, storage, communication, security, data management, human-machine interface (HMI), and simulation; second, an aggregated DT is defined as a hierarchical composition of other DTs. A generic reference architecture based on these concepts and a concrete implementation methodology are proposed using AutomationML. This methodology follows an MDE approach that supports most of the DT features currently proposed in the literature. A case study has been developed, the proposed ideas are being evaluated with industrial case studies, and some of the preliminary results are described in this article. With the case study, it is possible to verify that the proposed methodology supports the creation and the deployment process of a DT.
As a cyber-physical system (CPS), the security of microgrids (MGs) is threatened by unknown faults and cyberattacks. Most existing distributed control methods for MGs are proposed based on the assumption that secondary controllers of distributed generation units operate in normal conditions. However, the faults and attacks of the distributed control system could lead to a significant impact and consequently influence the security and stability of MGs. In this article, a distributed resilient control strategy for multiple energy storage systems (ESSs) in islanded MGs is proposed to deal with these hidden but lethal issues. By introducing an adaptive technique, a distributed resilient control method is proposed for frequency/voltage restoration, fair real power sharing, and state-of-charge balancing in MGs with multiple ESSs in abnormal condition. The stability of the proposed method is rigorously proved by Lyapunov methods. The proposed method is validated on test systems developed in OPAL-RT simulator under various cases.
This article investigates the zero-sum game-based secure control problem for cyber-physical systems (CPS) under actuator false data injection attacks. The physical process is described as a linear time-invariant discrete-time model. Both the process noise and the measurement noise are addressed in the design process. An optimal Kalman filter is given to estimate the system states. The adversary and the defender are modeled as two players. Under the zero-sum game framework, an optimal infinite-horizon quadratic cost function is defined. Employing the dynamic programming approach, the optimal defending policy and the attack policy are derived. The convergence of the cost function is proved. Moreover, the critical attack probability is derived, beyond which the cost cannot be bounded. Finally, simulation results are provided to validate the proposed secure scheme.
The evolution of cyber-physical systems (CPS) benefits from the substantial support of many cutting-edge technologies. However, as a significant medium to bridge virtual and reality parts, the dependability of various network components is facing unprecedented challenges and threats. In this article, we propose a smart collaborative balancing (SCB) scheme to dynamically adjust the orchestration of network functions and efficiently optimize the workflow patterns. First, mathematical models of bandwidth allocation for multiuser with appropriate probability distribution are established. Matrix operations are utilized to solve the relevant issues based on individual congestion windows. Invasion defense mechanisms are also provided and discussed. Second, specific procedures of collaboration among different network components are presented. The capabilities of CPS, in terms of bandwidth allocation and invasion defense, are guaranteed via novel queueing policies and access control mechanisms. Third, we build a comprehensive prototype including multiple domains and users for validations. Experimental results in two scenarios illustrate that SCB not only supports service reliability of end hosts with different priorities, but also resists malicious attacks which are targeting the corresponding terminals inside domains. Compared to the benchmarks in software defined networks and traditional Internet, our scheme performs better in both available resource management and abnormal flow recognition aspects.
• CPS and digital twin are reviewed and analyzed from multiple perspectives.
• The differences and correlation between CPS and digital twin are discussed.
• Digital twin can be considered as a necessary foundation and path to realize CPS.
State-of-the-art technologies such as the Internet of Things (IoT), cloud computing (CC), big data analytics (BDA), and artificial intelligence (AI) have greatly stimulated the development of smart manufacturing. An important prerequisite for smart manufacturing is cyber–physical integration, which is increasingly being embraced by manufacturers. As the preferred means of such integration, cyber–physical systems (CPS) and digital twins (DTs) have gained extensive attention from researchers and practitioners in industry. With feedback loops in which physical processes affect cyber parts and vice versa, CPS and DTs can endow manufacturing systems with greater efficiency, resilience, and intelligence. CPS and DTs share the same essential concepts of an intensive cyber–physical connection, real-time interaction, organization integration, and in-depth collaboration. However, CPS and DTs are not identical from many perspectives, including their origin, development, engineering practices, cyber–physical mapping, and core elements. In order to highlight the differences and correlation between them, this paper reviews and analyzes CPS and DTs from multiple perspectives.
This technical note proposes an algorithm to assess the safety of the cyber-physical system (CPS) in the presence of cyber attacks, which can be designed intelligently to avoid detection. The main idea is based on the reachability analysis that computes the reachable set of CPS states possibly reached by all potential cyber attacks regardless of their detection. The reachable set computation typically demands a large computation cost and has mostly relied on the (over) approximation techniques. However, our algorithm analytically derives the exact reachable set solution and further establishes a recursive computation structure that can perform in the real-time CPS operation. This can significantly enhance the quality of the online safety assessment, enabling a more reliable, less conservative, and computationally efficient process.