Retrofitting Cyber Physical Systems for Survivability through External Coordination

Most supervisory control and data acquisition (SCADA) systems have been in operation for decades and they in general have 24times7 availability requirement, hence upgrading or adding new fault tolerant logic into the systems to sustain faults caused by cyber attacks when these systems evolve into a cyber environment is often difficult to achieve. In the proposed approach, an external coordination layer is constructed that only interfaces with the SCADA systems through events and separate from the process under control. The coordination layer is a combination of transparent management of fault-tolerant schemes of critical services of a SCADA system and a model for coordinating different critical services when faults caused by cyber attack occur in that system. In addition, security-related knowledge, such as cyber attack patterns and potential fatal states, etc., are also modeled and built into the coordination layer. The advantages of our approach are twofold: (1) the survivability-related knowledge and protection scheme are built in the coordination layer which is external to the SCADA systems and therefore the disturbance to the underlying systems is greatly reduced; (2) "separation of concern" principle is truly reflected in our model in that fault- tolerance, security and survivability concerns are separated from supervisory and acquisition. In addition, the external coordination model will enable us to accommodate future requirements that may not even be anticipated today.