Dynamic Model Based Detection of Cyberattacks in Industrial Facilities

The proceeding digitalisation of industrial facilities does not only provide meeting the requirements of flexibility and just-in-time production. It comes with increasing vulnerability against cyberattacks. This already manifests in high numbers of cyberattacks against industry 4.0 facilities (KasperskyLab, 2020). In these cyber-physical-systems, cyberattacks do not only affect the informational system, they can also cause damage in the physical part that is closely coupled to the informational part.
Therefore, new methods for securing industry 4.0 facilities against cyberattacks are required. The method introduced in this paper continuously checks if the measurements and setpoints fulfil the systems physical relations utilizing data reconciliation and extends it by consideration of informational properties for detecting, localizing and selectively combatting cyberattacks.
Conventional protection methods like the comparison of each measurement with a specific range of save service cover only basic sensor failures and trivial cyberattacks. A more sophisticated protection method, which analyses the consistence of the static system state with respect to a static system model of the process was introduced in (Reibelt et al. ... mehr2020) using static data reconciliation. The new method presented here is also applicable in dynamic system states. This paper shows the adaptation of the data reconciliation based
approach for dynamic system relations and demonstrates its application.