Abstract: This paper focuses on the Fallback Control System (FCS), an emergency response method that protects a networked Industrial Control System (ICS) against cyber-attacks. The FCS is placed not on the networked controllers but on the controlled objects. After an incident occurs, the FCS isolates the controlled objects from the networked controllers and controls the objects safely and locally. This switching of ICS operation is one-way, from normal operation to fallback operation; recovery switching from fallback operation back to normal operation remains an open problem, because cyber-attacks may target the reconnection of the controlled objects to the networked controllers. Motivated by this, this paper proposes a Fallback and Recovery Control System (FRCS) that adds safe recovery switching to the FCS. While maintaining fallback control of the controlled object, the virtual operation mode of the FRCS connects the networked controller to a virtual controlled object (Plant Simulator). The FRCS evaluates the soundness of the ICS from the responses exchanged between the controller and the virtual object, and then reconnects the controller to the actual controlled object. The ICS soundness evaluation is based on a discrete-event system observer. This paper verifies the validity of the proposed recovery switching through a practical experiment.
Keywords: Security; Petri nets; Control over networks; Observers for linear systems; Manufacturing automation over networks; Discrete event systems in manufacturing