Identification and Localization of Cyber-Attacks in Industrial Facilities

A new method for improving cyber-security of interconnected smart components of industrial systems is introduced and evaluated. Since usual informational security measures are often bypassed (in spite of existing IT security measures), the new proposed method is based on physical models for detecting manipulations resulting from cyber-attacks. The method builds on and goes beyond traditional ways of Data Reconciliation used in chemical facilities by extending it using prior knowledge on informational properties of components. Thereby, our approach is not restricted to a specific attacker model, which is a significant advantage for the detection of unknown cyber-attacks. The attack detection using the new method is demonstrated using the example of a cooling circuit - as it may be found in chemical processing facilities. Receiver operating characteristics (ROC-curves) are used to show and to quantify the improvement provided by our new method over the performance of traditional Data Reconciliation.