Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Survey and New Directions for Physics-Based Attack Detection in Control Systems



David Urbina, Jairo Giraldo, Alvaro Cardenas, Junia Valente, Mustafa Faisal, Niles O. Tippenhauer, Justin Ruths, Richard Candell, Heinrik Sandberg


Monitoring the "physics" of control systems to detect attacks is a growing area of research. In its basic form a security monitor creates time-series models of sensor readings for an industrial control system and identifies anomalies in these measurements in order to identify potentially false control commands or false sensor readings. In this paper, we review previous work based on a unified taxonomy that allows us to identify limitations, unexplored challenges, and new solutions. In particular, we propose a new adversary model and a way to compare previous work with a new valuation metric based on the trade-off between false alarms and the negative impact of undetected attacks. We also show the advantages and disadvantages of three experimental scenarios to test the performance of attacks and defenses: a) real-world network data captured from a largescale operational facility, b) a fully-functional testbed that can be used operationally for water treatment, and c) a simulation of frequency control in the power grid.
Grant/Contract Reports (NISTGCR) - 16-010
Report Number


cybersecurity, smart grid, manufacturing, industrial control systems
Created November 21, 2016, Updated November 10, 2018