A Plant-Wide Industrial Process Control Security Problem

  • Thomas McEvoy
  • Stephen Wolthusen
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 367)


Industrial control systems are a vital part of the critical infrastructure. The potentially large impact of a failure makes them attractive targets for adversaries. Unfortunately, simplistic approaches to intrusion detection using protocol analysis or naïve statistical estimation techniques are inadequate in the face of skilled adversaries who can hide their presence with the appearance of legitimate actions.

This paper describes an approach for identifying malicious activity that combines a path authentication mechanism with state estimation for anomaly detection. The approach provides the ability to reason conjointly over computational structures, operations and physical states. The well-known Tennessee Eastman reference problem is used to illustrate the efficacy of the approach.


Keywords: Industrial control systems, subversion detection



Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Thomas McEvoy (1, 2)
  • Stephen Wolthusen (3, 1)
  1. Royal Holloway, University of London, London, United Kingdom
  2. HP Information Security, Bracknell, United Kingdom
  3. Norwegian Information Security Laboratory, Gjøvik University College, Gjøvik, Norway
