Title: Cyber-Informed Engineering Of Industrial Control Systems By Prioritization Of High Consequence Events, Conflict Clause Learning Technique, And Autotuning Mechanisms For The Real-Time Monitoring Of Critical Processes
Program: Doctor of Philosophy in Computing
Advisor: Dr. Hoda Mehrpouyan, Computer Science
Committee Members: Dr. Michael Ekstrand, Computer Science; Dr. Tim Andersen, Computer Science; Dr. Stephen J. Reese, Computer Science
Industrial Control Systems (ICS) are systems employed for the supervision, regulation, and control of industrial processes and critical infrastructure. These critical systems require robust measures to protect them against potential safety and security violations. Protecting the safety and security of ICS is a significant challenge facing nations and states today, necessitating the development of robust, dependable, and resilient ICS. Traditional cybersecurity and engineering practices continue to adopt an inefficient approach that treats security as an add-on element during the system design and development process. In response, this dissertation builds on a novel theoretical approach known as Cyber-Informed Engineering (CIE) that leverages safety and security co-engineering, comprehensive cybersecurity risk assessments, and resilient engineering at the early stages of system conceptualization and development. By exploring the state of the art, this research proposes and implements (1) an STPA-SafeSec-CDCL framework that integrates System Theoretic Process Analysis for Safety and Security (STPA-SafeSec) with the Conflict Clause Learning (CDCL) technique for identifying and resolving safety and security conflicts; (2) an innovative CCE-BBN approach that combines the concept of Consequence-Driven, Cyber-Informed Engineering (CCE) with Bayesian Belief Networks (BBN) and Sensitivity Analysis (SA) for the analysis, identification, and prioritization of High Consequence Events (HCE) capable of crippling critical processes and functions of critical infrastructures; and (3) Signal Temporal Logic (STL) and autotuning mechanisms for the real-time monitoring of critical processes and the recovery of a system under attack within the shortest possible time, so that the system can complete its critical mission.
We verified and validated the proposed approaches by utilizing the Tennessee Eastman plant, a complex model explicitly designed for the study of industrial processes and control, to demonstrate how these frameworks can be used in real-world applications. The findings of this research provide both theoretical and practical solutions for building safe, secure, robust, reliable, and resilient ICS.