Security Control Algorithms for Cyber‑Physical Systems

"Top Talk" is a Meituan Technical Academy lecture series that invites internal experts, industry leaders, and scholars to share best practices and cutting‑edge research. On September 10, 2020, Associate Professor Mo Yilin from Tsinghua University’s Department of Automation gave a talk titled “Security Control Algorithm Design for Cyber‑Physical Systems (CPS)”.

The speaker clarified that the Chinese term “安全” encompasses both “safety” and “security”. In CPS, the focus is on security: protecting the system against malicious attacks while maintaining normal operation.

CPS, a concept introduced by the U.S. National Science Foundation in 2006, integrates computation, communication, and control (the three C’s) into physical environments. Examples include autonomous vehicles, smart homes, and industrial control systems.

Security threats arise because CPS are increasingly networked. Traditional control networks such as CAN‑BUS are isolated, making large‑scale attacks difficult. However, the trend toward ubiquitous connectivity expands the attack surface, as illustrated by the Stuxnet worm that sabotaged Iranian centrifuges.

Key challenges include:

Physical systems cannot simply be shut down when compromised (e.g., a moving vehicle or drone).

Critical infrastructures like power grids must continue operating despite attacks.

High reliability requirements demand stronger guarantees than typical best‑effort security solutions.

To protect CPS, a multi‑layered defense—analogous to a castle with outer moats and inner walls—is required. The layers consist of Prevention, Detection, Resilience, and Recovery.

Control Perspective : Control theory can identify critical components, add redundancy, perform fault diagnosis, and design robust controllers that tolerate attacks.

Detection Perspective : Passive detection monitors sensor data for inconsistencies, but may fail against replay attacks. An active detection method injects a small, random “watermark” signal into the control input. If the system is uncompromised, the watermark appears in sensor measurements; if a replay attack replaces real data, the watermark disappears, revealing the intrusion. This approach is similar to a challenge‑response protocol.

Experimental results on a simple CPS showed that increasing the watermark energy improves detection probability, highlighting a trade‑off between detection performance and control degradation.

When the system model is unknown, data‑driven techniques can learn optimal watermark and detector designs. Simulations on a chemical process (TEP) demonstrated successful detection of replay attacks without explicit model knowledge.

Case studies on autonomous driving illustrated GPS spoofing attacks and how sensor fusion (IMU, radar, GPS) combined with security‑aware algorithms can isolate compromised sensors and maintain safe operation.

In summary, securing CPS requires interdisciplinary collaboration, combining control theory, intrusion detection, resilient estimation, and data‑driven methods to build a robust, multi‑layered defense.