Context: This paper is motivated by the need to improve the resilience of industrial control systems. Many control systems currently operating in the industry were designed and implemented before the boom in communications (wired and wireless networks) within industrial control systems. However, nowadays they operate connected to the communications network. This increase in connectivity has made the systems susceptible to cyber-attacks that seek to degrade the proper operation of the control loop even affecting only one sensor.
 Method: We use concepts from fault tolerant control and classic control theory to show that it is possible to reconstruct the system state without (any) one of the system outputs. This fact is used in the recalculation of the control signal through an algorithm of attack detection and isolation, to avoid for an attack to be feedback to the system, mitigating its effect. We show the effectiveness of our proposal with simulations on a four-tanks testbed using Matlab and Simulink.
 Results: We show that a bank of unknown input observers can be designed to recover true information from attacked sensors, i.e., recover the information without the effect of the attack. Therefore, the estimation obtained from those observers can be utilized for computing a control action that mitigates the effect of the attack.
 Conclusions: This mitigation of the attack prevents a single sensor attack from signi cantly impair the action of low-level controllers, improving the resilience on the system just modifying the digital controller architecture. The development presented is limited to cyber-attacks on system sensors pre- sented one at a time, that still can compromise seriously the system behavior. Future work will address the extension of the presented results in situations with simultaneous attacks on more than one sensor, and/or consider attacks on the control system actuators.
Read full abstract