---
tags:
  - Ideas
---

## What are we doing:

Remember when Lance was talking about his monitor that would read a control system to see if a cyber-attack was taking place? This is in that vein. The idea that I'm thinking of is that to tell if a control system is compromised, we should be able to look at the dynamics of the system to know if an attack is happening. A couple thoughts:

1. Sensor integrity: If we have a monitor that is an observer, this monitor should be able to know when the plant is diverging from what it would expect based on sensor values and its model of the plant. When the error signal has a higher magnitude than expected, this is a sure-fire sign that something might be wrong.
   1. This is sensitive to maintenance problems, however.
   2. The monitor must be fed through data diodes and not be connected to any outside sources.
2. A secondary, redundant control system: Assuming the perpetrator is tampering with signals, activate a secondary control system that a) latches the first system out of its control authority, and b) operates a safety shutdown mode. This controller doesn't need to be super fancy - it just needs to prevent damage.

## Why are we doing this:

This seems like a fun way to integrate control system math with cybersecurity. This is somewhat more of a CIE topic, but it does address some cybersecurity issues. This could also be implemented using KOs and the protected domains.

## Other details:
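As an added worked example (not part of this note, and not code from anyone mentioned in it), the Python simulation below puts ideas 1 and 2 together: a Luenberger observer runs beside a PD loop on a double integrator, the residual between the measured position and the observer's prediction is the "error signal", and a supervisor that sees the residual leave its band for several consecutive samples latches the primary controller out and commands a safety shutdown. The plant model, gains, noise, attack time and injected sensor bias are all constructed for illustration.

```python
"""Observer-based attack monitor for a simple control loop (constructed example).

Plant: a double integrator (position, velocity) driven by a force input,
sampled at dt = 0.1 s. The primary controller is a PD loop acting on the
state estimate. The monitor is a Luenberger observer that predicts the
measured position; the difference between measurement and prediction is the
residual. A supervisor watches the residual and, after PERSIST consecutive
out-of-band samples, latches the primary controller out and de-energises the
actuator (u = 0) as the safety shutdown mode.

Every number here (model, gains, noise, attack step, bias) is made up for
the demonstration and does not describe a real system.
"""
import math
from dataclasses import dataclass
from typing import Optional

DT = 0.1
A = ((1.0, DT), (0.0, 1.0))        # x = [position, velocity]
B = (0.5 * DT * DT, DT)            # u = force per unit mass
C = (1.0, 0.0)                     # only position is measured
L = (0.4, 0.4)                     # observer gain: error poles at z = 0.8, 0.8
KP, KD = 2.0, 3.0                  # primary PD gains
REF = 1.0                          # position setpoint
THRESHOLD = 0.05                   # residual band; noise amplitude is 0.005
PERSIST = 3                        # consecutive hits required before latching


def mat_vec(m, v):
    return tuple(sum(m[i][j] * v[j] for j in range(2)) for i in range(2))


def step_plant(x, u):
    """True plant: x_{k+1} = A x_k + B u_k."""
    ax = mat_vec(A, x)
    return (ax[0] + B[0] * u, ax[1] + B[1] * u)


def residual(xhat, y):
    """Innovation r_k = y_k - C xhat_k: what the sensor says minus what the model expects."""
    return y - (C[0] * xhat[0] + C[1] * xhat[1])


def step_observer(xhat, u, r):
    """Luenberger observer: xhat_{k+1} = A xhat_k + B u_k + L r_k."""
    ax = mat_vec(A, xhat)
    return (ax[0] + B[0] * u + L[0] * r, ax[1] + B[1] * u + L[1] * r)


def primary_control(xhat):
    """PD controller on the estimated state."""
    return -KP * (xhat[0] - REF) - KD * xhat[1]


@dataclass
class Supervisor:
    """Counts consecutive out-of-band residuals; latches permanently on PERSIST hits."""
    hits: int = 0
    latched: bool = False
    latched_at: Optional[int] = None

    def update(self, k, r):
        if self.latched:
            return
        self.hits = self.hits + 1 if abs(r) > THRESHOLD else 0
        if self.hits >= PERSIST:
            self.latched, self.latched_at = True, k


def sensor_noise(k):
    """Deterministic stand-in for measurement noise (constructed)."""
    return 0.005 * math.sin(0.7 * k)


def run(steps=100, attack_at=60, bias=0.3):
    """Simulate the loop; from step `attack_at` the sensor reading carries a constant bias.

    Returns the latch step (None if never latched), the residual sequence,
    the applied inputs and the final true position.
    """
    x = (0.0, 0.0)          # true state, assumed known at start-up
    xhat = (0.0, 0.0)       # observer estimate
    sup = Supervisor()
    residuals, inputs = [], []
    for k in range(steps):
        true_y = C[0] * x[0] + C[1] * x[1]
        y = true_y + sensor_noise(k) + (bias if k >= attack_at else 0.0)
        r = residual(xhat, y)
        sup.update(k, r)
        # Once latched, the primary controller loses authority and the
        # safety mode holds the actuator de-energised.
        u = 0.0 if sup.latched else primary_control(xhat)
        xhat = step_observer(xhat, u, r)
        x = step_plant(x, u)
        residuals.append(r)
        inputs.append(u)
    return {"latched_at": sup.latched_at, "residuals": residuals,
            "inputs": inputs, "final_position": x[0]}


if __name__ == "__main__":
    out = run()
    print("latched at step", out["latched_at"])
    print("residuals around the attack:",
          [round(r, 3) for r in out["residuals"][58:64]])
```

The observer poles are deliberately placed at 0.8 rather than near zero: with a step bias of 0.3 on the sensor the residual reads about 0.30, 0.18 and 0.10 on the three samples after the attack and then sinks back under the band, because the observer absorbs the bias into its own estimate. A deadbeat observer would absorb it after one sample and the residual would return to zero, which is why residual monitors usually require persistence or accumulate the residual over time instead of flagging single samples. The same persistence count is what keeps an isolated noisy or degraded reading (the maintenance caveat in item 1.1) from tripping the latch.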