(257h) Securing Process Control Systems Using Dynamic Watermarking

Satchidanandan, B., Texas A&M University
Ko, W. H., Texas A&M University
Kim, J., Texas A&M University
Kumar, P. R., Texas A&M University
Narasingam, A., Texas A&M University

In this work, we address the problem of securing a process control system. Specifically, we consider a multiple-input-multiple-output process control system, an arbitrary subset of whose sensors could be "malicious." A malicious sensor need not truthfully report the observations that it measures to the controller. Rather, it could distort the measurements in an arbitrary fashion to achieve any objective that it may have, such as degrading the system performance or destabilizing the closed loop. In this work, we examine the efficacy of dynamic watermarking, developed in the prior work [1] in the context of securing linear stochastic systems. The fundamental idea of dynamic watermarking is for the actuators in the system to superimpose a small random noise, referred to as the private excitation, on the pre-specified control input, and check if the measurements reported by the sensors are appropriately correlated with the private excitation. If not, the actuators can conclude that the output signal has been subjected to unauthorized alterations, and thereby declare the presence of malicious sensors in the system.
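
The correlation check described above can be illustrated on a scalar linear stochastic plant. This is an added example, not the authors' code and not the water tank experiment: the plant parameters, feedback gain, the model of the malicious sensor, the two statistics and the tolerance are all assumptions chosen for the illustration.

```python
import random

# Assumed scalar plant: x[t+1] = A*x[t] + B*u[t] + w[t], w ~ N(0, SIGMA_W^2)
A, B = 0.9, 1.0
K = 0.5                        # assumed feedback gain; nominal control is -K*z[t]
SIGMA_W, SIGMA_E = 0.3, 0.2    # std devs of process noise and private excitation

def run(T, malicious, seed=1):
    """Simulate T steps and return the actuator's two time-averaged statistics."""
    rng = random.Random(seed)
    x = z = 0.0                # true state, and the value the sensor reports
    corr = power = 0.0
    for _ in range(T):
        e = rng.gauss(0.0, SIGMA_E)          # private excitation, known only to the actuator
        u_nom = -K * z                       # pre-specified control from reported data
        x_next = A * x + B * (u_nom + e) + rng.gauss(0.0, SIGMA_W)
        if malicious:
            # Constructed sensor model: reports a simulated plant driven by its
            # own noise of matching variance, so it is independent of e.
            fake = rng.gauss(0.0, (SIGMA_W**2 + (B * SIGMA_E)**2) ** 0.5)
            z_next = A * z + B * u_nom + fake
        else:
            z_next = x_next                  # honest sensor reports the true state
        r = z_next - A * z - B * u_nom       # residual; equals B*e + w when honest
        corr += e * r                        # correlation with the watermark
        power += (r - B * e) ** 2            # residual power after removing the watermark
        x, z = x_next, z_next
    return corr / T, power / T

def sensors_flagged(corr, power, tol=0.5):
    """Flag when either statistic is far from its honest-case value."""
    exp_corr = B * SIGMA_E**2                # honest case: E[e*r] = B*sigma_e^2
    exp_power = SIGMA_W**2                   # honest case: E[(r - B*e)^2] = sigma_w^2
    return (abs(corr - exp_corr) > tol * exp_corr
            or abs(power - exp_power) > tol * exp_power)

if __name__ == "__main__":
    for label, bad in (("honest", False), ("malicious", True)):
        c, p = run(20000, bad)
        print(f"{label:9s} corr={c:.4f} power={p:.4f} flagged={sensors_flagged(c, p)}")
```

With an honest sensor the correlation statistic settles near B·σ_e² and the residual power near σ_w²; the constructed malicious sensor matches the overall variance of the reports but cannot reproduce the correlation with an excitation it never observes.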

As an initial effort to experimentally demonstrate that dynamic watermarking is effective in securing a nonlinear process control system, a representative coupled water tank system is considered. Specifically, the coupled water tank system consists of a single pump with two tanks, referred to as the upper-level tank and the lower-level tank. The pump feeds water to the upper-level tank, and its outflow is introduced to the lower-level tank. Each tank is instrumented with a pressure sensor which measures the water level in the tank, and feeds it back to the controller. The controller's objective is to maintain the water level at a given set-point by controlling the voltage across the pump.

We emulate a scenario wherein an adversary compromises the pressure sensors in the system and reports erroneous values of the water level to the controller. This eventually leads to the tanks overflowing. We then implement dynamic watermarking in this system to check whether or not the measurements reported by the pressure sensors are manipulated, and show how it can detect malicious sensors, if they are present, within a short span of time. Once malicious sensors are detected, the controller can abstain from closing the loop around the measurements reported by them and prevent the tanks from overflowing.

The demonstrated efficacy of dynamic watermarking in securing this simple system, together with the observation that it can be implemented on legacy control systems with minimal modifications to the control logic, will build confidence in dynamic watermarking and make it attractive for widespread adoption by the industry for securing process control systems.


[1] B. Satchidanandan, P. R. Kumar. Dynamic Watermarking: Active defense of networked cyber–physical systems, Proceedings of the IEEE, 2017, 105 (2), 219-240.