Not all cyber attacks are focused on stealing sensitive information — some seek to destroy physical infrastructure. These kinds of attacks, such as the Stuxnet worm that targets control systems, can damage anything from automated manufacturing to power plants.
ECE’s Cameron Patterson and William Baumann have been awarded a $500,000 National Science Foundation Secure and Trustworthy Cyberspace (SaTC) grant to predict such attacks. “We’re assuming that the systems are already infected,” says Patterson, “so we’re focused on seeing the imminent launch of a latent attack.”
According to Patterson, infrastructure attacks are difficult even to detect. “Knowing that an attack on a process control system has occurred or is occurring usually means noticing that the physical process is becoming unstable,” he says. Also, “there is a point of no return after which damage or loss of life can occur. If the attack can be predicted, however, emergency procedures might be applied — such as shutting down a turbine.”
Automated process control systems are designed and tested using accurate models for the process being controlled, and Patterson plans to use these models for detection. Instead of discarding the model after testing, he plans to leave it in place in the deployed controller. The controller will then store two identical and periodically synchronized copies of the control algorithm: one connected to the physical process and the other connected to the model. Patterson explains that the model can be fast-forwarded a short time to detect dangers. “We’d see anomalous behavior in the modeled system up to a minute before it happens in the real system, giving extra time to intervene and put the system into a safe state.” The prediction unit, backup controller, and switchover mechanism are fixed, synthesized into programmable hardware, and formally verified. They cannot be modified remotely.
Patterson and Baumann plan to test this approach by controlling an inverted pendulum system. “We don’t want to solve this just in MATLAB,” Baumann explains. “We can’t use real process control systems such as those in chemical or nuclear plants. They don’t let people play with them.” The inverted pendulum has many of the same issues that would arise in real systems, including instability, nonlinearity, actuation limits, and disturbances.
Once they have developed their tools and prototype, they plan to allow open access to the system and see if anyone can hack it.