Securing Industrial Cyber–Physical Systems: A Run-Time Multilayer Monitoring

Abstract

Industrial cyber-physical systems (ICPSs) are widely deployed in monitoring and control of the nation's critical industrial processes, such as water distribution networks and power grids. ICPSs are the tight integration of cyber (software) and physical entities connected via communication networks. Communication networks are typically realized via wireless channels to reduce the cost of wires and installation. However, they are also inherently unreliable, easy to disrupt, and subvert, which makes them a potential target for cyberattacks. The failure of communication can cause data loss or delays, which can compromise system functionality and have catastrophic consequences due to the strict real-time requirements of ICPSs. Current run-time security monitors protect ICPSs either at communication level (through network intrusion monitors) or at application level (through threat detection monitors). Such monitors are layer-specific and, thus, fail to detect advanced threats arising from the multilayer disruption. In this article, we present a multilayer run-time security monitor that can detect discrepancies caused by interdependent application and communication layer attacks and prevent their propagation into the system's control loops. We demonstrate the effectiveness of the approach via an example of the ICPS used for control and monitoring of a water distribution network.