André Teixeira

Uppsala University | UU · Department of Engineering Sciences

This paper addresses the optimal scaling of the ADMM method for distributed quadratic programming. Scaled ADMM iterations are first derived for generic equality-constrained quadratic problems and then applied to a class of distributed quadratic problems. In this setting, the scaling corresponds to the step-size and the edge-weights of the underlyin...

Cyber-secure networked control is modeled, analyzed, and experimentally illustrated in this paper. An attack space defined by the adversary's system knowledge, disclosure, and disruption resources is introduced. Adversaries constrained by these resources are modeled for a networked control system architecture. It is shown that attack scenarios corr...

The alternating direction method of multipliers (ADMM) has emerged as a powerful technique for large-scale structured optimization. Despite many recent results on the convergence properties of ADMM, a quantitative characterization of the impact of the algorithm parameters on the convergence times of the method is still lacking. In this paper we fin...

In this paper, we propose a new architecture to enhance the privacy and security of networked control systems against malicious adversaries. We consider an adversary which first learns the system dynamics (privacy) using system identification techniques, and then performs a data injection attack (security). In particular, we consider an adversary c...

This paper proposes a game-theoretic approach to address the problem of optimal sensor placement against an adversary in uncertain networked control systems. The problem is formulated as a zero-sum game with two players, namely a malicious adversary and a detector. Given a protected performance vertex, we consider a detector, with uncertain system...

This paper firstly addresses the problem of risk assessment under false data injection attacks on uncertain control systems. We consider an adversary with complete system knowledge, injecting stealthy false data into an uncertain control system. We then use the Value-at-Risk to characterize the risk associated with the attack impact caused by the a...

In this paper, we consider the optimal controller design problem against data injection attacks on actuators for an uncertain control system. We consider attacks that aim at maximizing the attack impact while remaining stealthy in the finite horizon. To this end, we use the Conditional Value-at-Risk to characterize the risk associated with the impa...

One of the most studied forms of attacks on the cyber-physical systems is the replay attack. The statistical similarities of the replayed signal and the true observations make the replay attack difficult to detect. In this paper, we address the problem of replay attack detection by adding watermarking to the control inputs and then perform resilien...

This article investigates the design of online stealthy attacks with the aim of moving the system's state to a desired target. Different from the design of offline attacks, which is only based on the system's model, to design the online attack, the attacker also estimates the system's state with the intercepted data at each instant and computes the...

This paper addresses the design of an active cyberattack detection architecture based on multiplicative watermarking, allowing for detection of covert attacks. We propose an optimal design problem, relying on the so-called output-to-output l2-gain, which characterizes the maximum gain between the residual output of a detection scheme and some perfo...

This paper addresses the issue of data injection attacks on control systems. We consider attacks which aim at maximizing system disruption while staying undetected in the finite horizon. The maximum possible disruption caused by such attacks is formulated as a non-convex optimization problem whose dual problem is a convex semi-definite program. We...

This paper addresses the issue of data injection attacks on control systems. We consider attacks which aim at maximizing system disruption while staying undetected in the finite horizon. The maximum possible disruption caused by such attacks is formulated as a non-convex optimization problem whose dual problem is a convex semi-definite program. We...

Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attacks. Abnormal behaviour in floodgates operated by ICS could be caused by...

In this article, we address the problem of risk assessment of stealthy attacks on uncertain control systems. Considering data injection attacks that aim at maximizing impact while remaining undetected, we use the recently proposed output-to-output gain to characterize the risk associated with the impact of attacks in two setups: A full system knowl...

In this chapter, we consider stealthy cyber- and physical attacks against control systems, where malicious adversaries aim at maximizing the impact on control performance, while simultaneously remaining undetected. As an initial goal, we develop security-related metrics to quantify the impact of stealthy attacks on the system. The key novelty of th...

This chapter addresses the problem of detecting stealthy data injection attacks on sensor measurements in a networked control system. A multiplicative watermarking scheme is proposed, where the data from each sensor is post-processed by a time-varying filter called watermark generator. At the controller’s side, the watermark is removed from each ch...

In this introductory chapter, we illustrate the book’s motivation and objective. In particular, the book takes its raison d’être from the need for protecting Cyber-Physical Systems (CPSsCyber-Physical Systems (CPS)) against threats originating either in the cyber or in the physical domain. Exploring the concepts of safetySafety, securitySecurity, a...

This book presents an in-depth overview of recent work related to the safety, security, and privacy of cyber-physical systems (CPSs). It brings together contributions from leading researchers in networked control systems and closely related fields to discuss overarching aspects of safety, security, and privacy; characterization of attacks; and solu...

In this article two limitations in current distributed model based approaches for anomaly detection in large-scale uncertain nonlinear systems are addressed. The first limitation regards the high conservativeness of deterministic detection thresholds, against which a novel family of set-based thresholds is proposed. Such set-based thresholds are de...

This paper addresses the detection of stealthy attacks on sensor measurements. Inspired in authentication schemes with weak cryptographic guarantees, we propose a watermarking approach to validate the data and its source. In particular we propose a multiplicative scheme, where the sensor outputs are watermarked by a bank of filters, then transmitte...

This paper addresses the issue of data injection attacks on actuators in control systems. Considering attacks that aim at maximizing impact while remaining undetected, the paper revisits the recently proposed output-to-output gain, which is compared to classical sensitivity metrics such as H ∞ and H. In its original formulation, the output-to-outpu...

This paper addresses the issue of data injection attacks on actuators in control systems. Considering attacks that aim at maximizing impact while remaining undetected, the paper revisits the recently proposed output-to-output gain, which is compared to classical sensitivity metrics such as H∞ and H-. In its original formulation, the output-to-outpu...

To protect industrial control systems from cyberattacks, multiple layers of security measures need to be allocated to prevent critical security vulnerabilities. However, both finding the critical vulnerabilities and then allocating security measures in a cost‐efficient way become challenging when the number of vulnerabilities and measures is large....

Because of modern societies' dependence on industrial control systems, adequate response to system failures is essential. In order to take appropriate measures, it is crucial for operators to be able to distinguish between intentional attacks and accidental technical failures. However, adequate decision support for this matter is lacking. In this p...

Understanding smart grid cyber attacks is key for developing appropriate protection and recovery measures. Advanced attacks pursue maximized impact at minimized costs and detectability. This paper conducts risk analysis of combined data integrity and availability attacks against the power system state estimation. We compare the combined attacks wit...

Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However...

Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However...

Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security especially due to their capability to overcome data limitations. This is also exemplified by the growth of BN models development in cyber security. However, a comprehensive comparison and analysis of these models is missing. In this paper, we conduct a systema...

Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security especially due to their capability to overcome data limitations. This is also exemplified by the growth of BN models development in cyber security. However, a comprehensive comparison and analysis of these models is missing. In this paper, we conduct a systema...

A class of data integrity attack, known as false data injection (FDI) attack, has been studied with a considerable amount of work. It has shown that with perfect knowledge of the system model and the capability to manipulate a certain number of measurements, the FDI attacks can coordinate measurements corruption to keep stealth against the bad data...

It is challenging to assess the vulnerability of a cyber-physical power system to data attacks from an integral perspective. In order to support vulnerability assessment except analytic analysis, suitable platform for security tests needs to be developed. In this paper we analyze the cyber security of energy management system (EMS) against data att...

In this paper, we address the problem of distributed reconfiguration of networked control systems upon the removal of misbehaving sensors and actuators. In particular, we consider systems with redundant sensors and actuators cooperating to recover from faults. Reconfiguration is performed while minimizing a steady-state estimation error covariance...

This paper addresses the detection and isolation of replay attacks on sensor measurements. As opposed to previously proposed additive watermarking, we propose a multiplicative watermarking scheme, where each sensor’s output is separately watermarked by being fed to a SISO watermark generator. Additionally, a set of equalizing filters is placed at t...

Low-voltage distribution grids experience a rising penetration of inverter-based, distributed generation. In order to not only contribute to but also solve voltage problems, these inverters are increasingly asked to participate in intelligent grid controls. Communicating inverters implement distributed voltage droop controls. The impact of cyber-at...

This paper introduces combined data integrity and availability attacks to expand the attack scenario against power system state estimation. The goal of the adversary, who uses the combined attack, is to perturb the state estimates while remaining hidden from the observer. We propose security metrics that quantify vulnerability of power systems to c...

Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However...

In the cybersecurity community it is common to think of security as a design feature for systems and infrastructures that may be difficult to balance with other requirements. What is less studied is how security requirements come about, for which reasons, and what their influence is on the actions the system facilitates. Security is for example oft...

In this paper, we investigate detectability and identifiability of attacks on linear dynamical systems that are subjected to external disturbances. We generalize a concept for a security index, which was previously introduced for static systems. The generalized index exactly quantifies the resources necessary for targeted attacks to be undetectable...

We introduce a model of estimation in the presence of strategic, self-interested sensors. We employ a game-Theoretic setup to model the interaction between the sensors and the receiver. The cost function of the receiver is equal to the estimation error variance while the cost function of the sensor contains an extra term which is determined by its...

In this chapter, we survey cyber security solutions for control and monitoring systems that are used to manage the Smart Grid. We start with a short review of the history and use of Industrial Control Systems (ICSs) and Supervisory Control and Data Acquisition (SCADA) systems, and how cyber security in control systems has recently become a major co...

We derive the optimal step-size and over-relaxation parameter that minimizes the convergence time of two ADMM-based algorithms for distributed averaging. Our study shows that the convergence times for given step-size and over-relaxation parameters depend on the spectral properties of the normalized Laplacian of the underlying communication graph. M...

We propose and evaluate a down-sampled controller which reduces the network usage while providing a guaranteed desired linear quadratic control performance. This method is based on fast and slow sampling intervals, as the closed-system benefits by being brought quickly to steady-state conditions while behaving satisfactorily when being actuated at...

Critical infrastructures must continuously operate safely and reliably, despite a variety of potential system disturbances. Given their strict operating requirements, such systems are automated and controlled in real time by several digital controllers receiving measurements from sensors and transmitting control signals to actuators. Since these ph...

This paper presents optimal parameter selection and preconditioning of the alternating direction method of multipliers (ADMM) algorithm for a class of distributed quadratic problems, which can be formulated as equality-constrained quadratic programming problems. The parameter selection focuses on the ADMM step-size and relaxation parameter, while t...

This work presents a distributed framework for coordination of flexible electricity consumption for a number of households in the distribution grid. Coordination is conducted with the purpose of minimizing a trade-off between individual concerns about discomfort and electricity cost, on the one hand, and joint concerns about grid losses and voltage...

Resilience is the ability to maintain acceptable levels of operation in the presence of abnormal conditions. It is an essential property in industrial control systems, which are the backbone of several critical infrastructures. The trend towards using pervasive information technology systems, such as the Internet, results in control systems becomin...

The ability to maintain state awareness in the face of unexpected and unmodeled errors and threats is a defining feature of a resilient control system. Therefore, in this paper, we study the problem of distributed fault detection and isolation (FDI) in large networked systems with uncertain system models. The linear networked system is composed of...

We examine the feasibility of an attack on the measurements that will be used by integrated volt-var control (VVC) in future smart power distribution systems. The analysis is performed under a variety of assumptions of adversary capability regarding knowledge of details of the VVC algorithm used, system topology, access to actual measurements, and...

We consider a Gaussian cheap talk game with quadratic cost functions. The cost function of the receiver is equal to the estimation error variance, however, the cost function of each senders contains an extra term which is captured by its private information. Following the cheap talk literature, we model this problem as a game with asymmetric inform...

In this paper, we address the problem of distributed reconfiguration of first-order networked control systems under actuator faults. In particular, we consider the scenario where a network of actuators cooperates in order to recover from actuator faults. Such recovery is performed through a reconfiguration which minimizes the performance loss due t...

In this paper we consider a typical architecture for a networked control system under false-data injection attacks. Under a previously proposed adversary modeling framework, various formulations for quantifying cyber-security of control systems are proposed and formulated as constrained optimization problems. These formulations capture trade-offs i...

Cyber-secure networked control is modeled, analyzed, and experimentally illustrated in this paper. An attack space defined by the adversary's system knowledge, disclosure, and disruption resources is introduced. Adversaries constrained by these resources are modeled for a networked control system architecture. It is shown that attack scenarios corr...

In this letter, we study the problem of fault detection and mitigation in networks where the measurements satisfy Kirchhoff's voltage law. First, we characterise the class of faults appearing as an additive fault vector (injected by a malicious adversary or due to equipment failures) that can be detected by taking into account the topology of the n...

In this paper the problem of revealing stealthy data-injection attacks on control systems is addressed. In particular we consider the scenario where the attacker performs zero-dynamics attacks on the system. First, we characterize and analyze the stealthiness properties of these attacks for linear time-invariant systems. Then we tackle the problem...

The alternating direction method of multipliers is a powerful technique for structured large-scale optimization that has recently found applications in a variety of fields including networked optimization, estimation, compressed sensing and multi-agent systems. While applications of this technique have received a lot of attention, there is a lack o...

In this paper we consider the problem of Distributed Fault Detection and Isolation (D-FDI) in large networked systems with imprecise models. Taking a previously proposed D-FDI scheme for a given initial network model, we analyze its performance under small changes in the network graph, namely the addition or removal of edges. Under some assumptions...

Recently the power system state estimator was shown to be vulnerable to malicious deception attacks on the measurements, resulting in biased estimates. In this work we analyze the behavior of the Optimal Power Flow (OPF) algorithm in the presence of such maliciously biased estimates and the resulting consequences to the system operator. In particul...

Misbehaviors among the agents in a network might be intentional or unintentional, they might cause a system-wide failure or they might improve the performance or even enable us to achieve an objective. In this article we consider examples of these possible scenarios. First, we argue the necessity of monitoring the agents in a network to detect if t...

After a general introduction of the VIKING EU FP7 project two specific cyber-attack mechanisms, which have been analyzed in the VIKING project, will be discussed in more detail. Firstly an attack and its consequences on the Automatic Generation Control (AGC) in a power system are investigated, and secondly the cyber security of State Estimators in...

In this paper, the existence of unknown input observers for networks of interconnected second-order linear time invariant systems is studied. Two classes of distributed control systems of large practical relevance are considered. It is proved that for these systems, one can construct a bank of unknown input observers, and use them to detect and iso...

In this paper we investigate stability and interaction measures for interconnected systems that have been produced by decomposing a large-scale linear system into a set of lower order subsystems connected in feedback. We begin by analyzing the requirements for asymptotic stability through generalized dissipation inequalities and storage functions....

In this paper we analyze the cyber security of state estimators in supervisory control and data acquisition (SCADA) systems for energy management systems (EMS) operating the power network. Current EMS state estimation algorithms have bad data detection (BDD) schemes to detect outliers in the measurement data, based on high measurement redundancy. A...

In this paper, we analyze the cyber security of state estimators in Supervisory Control and Data Acquisition (SCADA) systems operating in power grids. Safe and reliable operation of these critical infrastructure systems is a major concern in our society. In current state estimation algorithms there are bad data detection (BDD) schemes to detect ran...

The electrical power network is a critical infrastructure in today's society, so its safe and reliable operation is of major concern. State estimators are commonly used in power networks, for example, to detect faulty equipment and to optimally route power flows. The estimators are often located in control centers, to which large numbers of measure...

This paper is an endeavour to address the problem of distributed leader selection in a formation of autonomous agents where the agents do not communicate directly via communication channels. The algorithm that the agents use to select a leader relies on the agents observing each others’ behaviours. It is shown that the proposed algorithm is termina...

Networked control systems under certain cyber attacks are analyzed. The communication network of these control systems make them vulnerable to attacks from malicious outsiders. Our work deals with two types of attacks: attacks on the network nodes and attacks on the communication between the nodes. We propose a distributed scheme to detect and isol...

In this paper, we study stealthy false-data attacks against state estimators in power networks. The focus is on applications in SCADA (Supervisory Control and Data Acquisition) systems where measurement data is corrupted by a malicious attacker. We introduce two security indices for the state estimators. The indices quantify the least effort needed...

Observers for distributed fault detection of interconnected second-order linear time invariant systems is studied. Particularly, networked systems under consensus protocols are considered and it is proved that for these systems one can construct a bank of so-called unknown input observers, and use their output to detect and isolate possible faults...