SafeCI: Avoiding Process Anomalies in Critical Infrastructure

Abstract A cyber attack on a water or power system may lead to a process anomaly. Several methods have been proposed to detect such anomalies. An obvious and implicit assumption that underlies anomaly detection is that the detection occurs after the process moves into an anomalous state. While such detection is necessary during plant operation, it may not be sufficient to avoid plant damage and service disruption. This work explores a method, referred to as SafeCI, to assess the validity of a command issued by a plant controller, or directly by a malicious agent, prior to its reception at the target actuator. Modelling using SafeCI is illustrated using an example from a critical infrastructure, namely a water treatment plant named SWaT. An experimental evaluation was conducted on SWaT to assess the SafeCI in avoiding a plant from entering into an anomalous state. Results from the experiments are summarized and potential enhancements to SafeCI proposed.