A Method For Engineering Secure Control Systems With Application To Critical Infrastructures

The protection of physical infrastructure from cyber-attacks is addressed only in part by what are typically thought of as cyber-security controls: strong passwords, encrypted data, and other similar security measures. These defensive measures reduce the likelihood that the computing and communication components will be breached, but do not enable a system to operate in spite of that breach. When a breach does occur, it is necessary to react in a time commensurate with the physical dynamics of the system as it responds to the attack. Failure to act swiftly enough may result in undesirable, and possibly irreversible, physical effects. When assessing the security of a cyber-physical system, it is therefore necessary to understand how physical dynamics and cyber-security solutions collectively determine the outcome of a cyber-event. We outline the first steps towards a method for assessing the physical risks posed by a cyber-attack, assessing the impact of cyber-security solutions on those risks, and using this information to inform both design and investment decisions. We illustrate the proposed method with a model of a chiller system based on the supercomputer chillers at Oak Ridge National Laboratory.