ERI: Operator-Automation Shared Protection for Security and Safety Assured Industrial Control Systems: Learning, Detection, and Recovery Control

About This Grant

Industrial control systems (ICSs) are commonly utilized in critical infrastructures, including power, water treatment and distribution, and transportation. However, the increasing digitization of ICSs, involving sensing, communication, and control, brings advanced features but also exposes vulnerabilities to malicious cyber-attacks. Protecting ICSs from such attacks is crucial due to the potential catastrophic physical damages they can cause. The project aims to develop a comprehensive solution, integrating human-on-the-loop explainable machine learning (ML), detection, and recovery control in an operator-automation shared protection framework, to provide security and safety-assured ICSs against malicious cyber-attacks. Moreover, the project will incorporate engineering research and education to train students, particularly those from Under-Represented Minorities (URM), and cultivate a diverse, globally competitive cybersecurity workforce. With the goal of lowering barriers to ICSs security research and education, this project aims to have a significant impact by providing accessible testbeds for a diverse population of beginning and expert cybersecurity students and engineers to learn and practice. The underlying concept of process anomaly detection, which is used for detecting cyber-attacks, involves comparing observed and expected behaviors based on physical invariants. The data-driven approach has the advantage of automatically discovering these physical invariants without requiring domain expertise. However, existing approaches based on black-box Machine Learning (ML) often overlook the role of system operators in safety-critical ICSs. The lack of insightful explanations in detection results hinders system operators from conducting troubleshooting and isolating anomalous sensors and actuators under attack, which is necessary for scheduling online recovery. To address this issue, the PI's team proposes to develop an operator-automation shared protection framework that unifies human-on-the-loop explainable ML, detection, and recovery control. This framework aims to enable real-time decision-making using cutting-edge ML and control techniques while valuing the feedback of human operators to prevent over-trust in autonomy in a safety-critical system. The research project has three major objectives: 1) The PI's team will develop insightful hybrid automata learning that captures physical invariants in a way that system operators can understand the model and the detection results, verify and correct the model, and localize anomalies; 2) A real-time provably safe control under uncertainty will be designed to restore the system to normal operation without violating safety constraints; and 3) the PI’s team will evaluate, demonstrate, and disseminate best practices of the proposed framework on 3D simulated and real testbeds with portability across a wide range of ICSs for lowering the barriers to ICSs security research and education. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.