Critical Review: Robust Cyber-Physical Systems Concepts, Models and Implementations

Global Optimal Solution

Arriving at a global optimal solution for a Cyber-Physical System (CPS) seems to share many commonalities with the distributed decision-making strategies taught in the business world. Information flows in a bi-directional fashion, gaining in abstraction as it moves upwards in the chain and in specificity as it moves downward. The end goal of distributed decision making is to set intent and move forward to the ultimate goal. In the case of CPS, it is easy to see how a centralized control system (the CEO, if you will) uses probabilistic methods to detect abnormalities in system state or attacks. In the distributed control system, the detection is distributed among the coordinated controllers, which provide feedback down the reverse routing paths. This appears to be much like a team-of-teams approach where each team, dependent on one another, serves as a check for other teams. In this fashion, each controller ends up with knowledge about the other controllers, the perceived system state and the ideal system state.

More sensors means more variables from which the controller must conclude state. Andersson et al. [1] provide a method for interpolating sensor data in space by enabling the sensors to determine what the collective answer is by monitoring the communication medium and chiming in only when they have a “better” answer. In this scenario, it may be possible for compromised sensors to continuously have the “better” answer that represents the space-adjacent sensors and thus obscure the truth of the situation. According to [1], the time to transmit the data is the time to contend for the medium, thereby reducing the overhead from sensor to controller, an outcome desirable to a distributed CPS. Additional capabilities may be added at the controller to throw out sensor failures if there is no physical way for the values to be accurate either over time or space. However, this seems to enable escape from plausibility as the “best” answer wins by adoption.

So, for example, a co-located collection of temperature sensors in an equipment room will send the maximum temperature to the controller. The controller in turn may then turn on the A/C in response. A compromised sensor may continuously report 100 °F, thereby keeping the A/C running at financial cost to the company. Similarly, a falsely low minimum reported temperature could turn the heat on, possibly overheating the expensive equipment. All in all, this sounds like the co-located sensors reduce down to one answer. Malicious actors would need to understand the topology, leading to topology poisoning attacks, possible packet scheduling attacks, bias injection and false data attacks. Packet scheduling attacks might be mitigated if the controller had a suitable model for calculating next state and if the delayed packets resulted in obvious violations against the physics of the system (e.g., temperature change in delayed packets isn’t plausible based on other sensor information).
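The equipment-room scenario above, as an added example that is not taken from [1] or [2]: a maximum-wins aggregate beside a controller-side filter that rejects readings implausible in space or time. The sensor names, thresholds, set point and sample readings are all constructed assumptions.

```python
from statistics import median

# Assumed limits for an equipment room; not values from [1] or [2].
MAX_RATE_F_PER_MIN = 2.0   # fastest physically plausible change
MAX_SPATIAL_DEV_F = 5.0    # largest plausible gap between co-located sensors
AC_SETPOINT_F = 80.0

def contention_max(readings):
    """'Best answer wins': only the largest reading survives contention,
    so the controller receives one number and no sensor identity."""
    return max(readings.values())

def aggregate_is_plausible(prev_max, new_max, minutes):
    """Temporal check that works even when only the aggregate arrives."""
    return abs(new_max - prev_max) <= MAX_RATE_F_PER_MIN * minutes

def plausible_readings(readings, previous, minutes):
    """Spatial and temporal filter; needs the individual readings."""
    mid = median(readings.values())
    kept = {}
    for sensor, value in readings.items():
        if abs(value - mid) > MAX_SPATIAL_DEV_F:
            continue  # implausible in space
        last = previous.get(sensor)
        if last is not None and abs(value - last) > MAX_RATE_F_PER_MIN * minutes:
            continue  # implausible in time
        kept[sensor] = value
    return kept

def evaluate(previous, current, minutes=1.0):
    naive = contention_max(current)
    prev_max = max(previous.values(), default=naive)
    kept = plausible_readings(current, previous, minutes)
    filtered = max(kept.values(), default=None)
    return {
        "naive_max": naive,
        "naive_ac_on": naive > AC_SETPOINT_F,
        "jump_plausible": aggregate_is_plausible(prev_max, naive, minutes),
        "rejected": sorted(set(current) - set(kept)),
        "filtered_max": filtered,
        "filtered_ac_on": filtered is not None and filtered > AC_SETPOINT_F,
    }

# Constructed sample: four co-located sensors, s4 reports a forged 100 °F.
PREVIOUS = {"s1": 71.5, "s2": 72.0, "s3": 71.8, "s4": 72.1}
CURRENT = {"s1": 71.6, "s2": 72.2, "s3": 71.9, "s4": 100.0}

if __name__ == "__main__":
    print(evaluate(PREVIOUS, CURRENT))
```

The per-sensor filter only works if the controller receives individual readings, which the contention scheme is designed to avoid; with the aggregate alone, only the rate-of-change check remains, and a forged value that ramps slowly would pass it.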

[1] appears to be an implementation that works with homogeneous devices, leaving opportunity for research with heterogeneous devices. As mentioned in [2], how might a controller turn various data types into information to be passed upwards to a cooperative controller? The software on the controller would need to be customized to make sense of the type of data received. Denial of Service, packet scheduling and topology poisoning attacks may disrupt the next-state determination of the controller, based on the weight given to each sensor input.


The distributed control system appears to concentrate opportunities at the cooperative controller level. Controllers increasingly abstract data into information; therefore, if a controller can be compromised, it has promise to compromise upstream and downstream decisions. Simple bias injection attacks could manipulate the actuators downstream of the controller’s micro-grid, and false data injection attacks against its cooperative controller neighbors could cause the system to arrive at an undesired global state. Sending bad data to others leverages the existing communication protocols between the devices.


[1] Andersson, Bjorn, Nuno Pereira, and Eduardo Tovar. “How a Cyber-Physical System Can Efficiently Obtain a Snapshot of Physical Information Even in the Presence of Sensor Faults.” In 2008 International Workshop on Intelligent Solutions in Embedded Systems, 1–10, 2008.

[2] Hu, Fei, Yu Lu, Athanasios V. Vasilakos, Qi Hao, Rui Ma, Yogendra Patil, Ting Zhang, Jiang Lu, Xin Li, and Neal N. Xiong. “Robust Cyber–Physical Systems: Concept, Models, and Implementation.” Future Generation Computer Systems 56 (March 2016): 449–75.
