Visible to the public CAREER: Formal TOols foR SafEty aNd Security of Industrial Control Systems (FORENSICS)Conflict Detection Enabled

Project Details

Performance Period

May 01, 2019 - Apr 30, 2024


Boise State University


National Science Foundation

Award Number

The goal of the project is to develop a multi-layer security framework to provide control technicians and engineers with far superior mechanisms to address the increasing risk of cybersecurity attack on vulnerable water treatment plants and reduce latent risks to public health and safety, industry, and national security. The findings will generate knowledge base and forensic tools to help control engineers to quickly detect and mitigate potential security flaws in central components across control systems, including industrial control software, sensors, and actuators. Industrial control systems are integral to the operations of many of the nation's largest manufacturers as well as to water treatment facilities, oil and gas production, and power plants. It is becoming increasingly common for organizations to facilitate improved communication and efficiency across and between organizations or subsidiaries by connecting their control systems to the Internet. However, in so doing, they become vulnerable to cyberattacks that could result in significant danger or disruption to city or regional populations or to geographically dispersed production chains.

The project fills research and deployment gaps by developing a reliable and scalable formal framework by (1) developing formal models, algorithms, tools, and libraries to provide control technicians with a practical toolkit to integrate security into the control software without any expertise in cybersecurity, (2) developing process control anomaly detection mechanism and visualization tools, (3) developing new experimental methods and software to investigate the security of sensors and actuators and detect intrusions that are based on the Advanced Persistent Threat (APT), (4) providing training for students, teachers, control engineers, and control technicians to be more prepared to ask questions about cybersecurity and investigate how to tackle cybersecurity in their daily responsibilities.