Journal of Process Control 105 (2021) 99–107
Contents lists available at ScienceDirect
Journal of Process Control
journal homepage: www.elsevier.com/locate/jprocont

Zero-dynamics attacks on networked control systems

Syed Ahmed Pasha a,∗, Ayesha Ayub b
a Department of Electrical & Computer Engineering, Air University, Islamabad, 44000, Pakistan
b Electrical Engineering and Computer Science, NUST, Islamabad, 44000, Pakistan

Article history: Received 15 May 2021; Received in revised form 27 May 2021; Accepted 20 July 2021; Available online 2 August 2021
Keywords: Zero-dynamics attack; False data injection; Geometric control; Networked control system; Cyberphysical system

Abstract

The coupling of physical systems with the information technology infrastructure in a networked control system (NCS) has a number of advantages, such as remote control, reduced system complexity, low maintenance cost and improved system efficiency. But these benefits come at the cost of making the NCS vulnerable to cyberphysical attacks on the communication layer. One such class of attacks is the zero-dynamics attack (ZDA), which targets the internal dynamics of an NCS with the potential to cause serious damage to the physical system while remaining stealthy. A better understanding of how ZDAs are constructed will enable more effective countermeasures. In this paper, we discuss two approaches for constructing a ZDA and demonstrate them on three industrial processes, studied in this context perhaps for the first time.

© 2021 Elsevier Ltd. All rights reserved.

1. Introduction

The rapid advancement in the field of digital control systems has led to the use of digital controllers and communication networks in many control processes, subsequently transforming the traditional control system into a networked control system (NCS).
An NCS is a type of cyberphysical system in which the controller is geographically distributed and controls a physical process by sending control signals over a communication network [1,2]. The basic architecture of an NCS includes a physical process (or plant), sensors and actuators, a communication network and a controller. But the coupling of the physical system with the information technology infrastructure makes an NCS vulnerable to cyberphysical attacks on its communication layer [3–7]. Such attacks disrupt the normal behaviour of a physical process and are capable of causing catastrophic physical damage to the plant. The first reported incident of a cyberphysical attack on an industrial process goes back to the 1982 Siberian pipeline explosion [8]. But the 2003 US–Canada blackout can be considered the turning point for the security of cyberphysical systems. Cyberphysical security gained even greater attention after the 2010 Stuxnet attack that targeted the centrifuge control system at an Iranian nuclear power plant [9,10]. The severity of a cyberphysical attack can be understood from this attack, whose goal was to physically damage the plant. Further examples of staged attacks on cyberphysical systems can be found in [5,11–13]. A cyberphysical attack can be classified based on the aim of the attack, which can vary from withholding data to physically damaging a plant.

We begin with a review of the literature on cyberphysical attacks on NCSs, focusing on approaches for generating stealthy attacks. An important class of attacks is the denial-of-service (DoS) attack (also known as a packet flooding attack in the computer science literature), where an attacker tampers with packet delivery, thereby preventing the plant from receiving the control signal or the controller from receiving the sensor data.

∗ Corresponding author. E-mail address: s.pasha@mail.au.edu.pk (S.A. Pasha).
https://doi.org/10.1016/j.jprocont.2021.07.010
0959-1524/© 2021 Elsevier Ltd. All rights reserved.
Amin et al. [14] have considered controller design subject to safety and power constraints in the presence of a DoS attack and cast the optimal control problem as a semi-definite program. The controller design approach of Yuan et al. [15] is based on value iteration methods and linear matrix inequalities for computing control laws under a DoS attack. Zhang et al. [16] have proposed a scheduling policy for an attacker to degrade system performance subject to some energy constraints. A stochastic control problem has been considered by Befekadu et al. [17] under a Markov-modulated DoS attack strategy. A scheduling policy for the transmission of packets that preserves input-to-state stability of the closed-loop system in the presence of DoS attacks has been discussed by De Persis and Tesi [18]. This work has been extended to multiple channels by Lu and Yang [19].

Another important class of cyberphysical attacks is the replay attack, which is a closed-loop attack, that is, it requires online information to construct an attack signal. A replay attack is carried out in two simple steps: first, an attacker takes control of the sensors and records the sensor output data for a sufficient amount of time (without injecting additional input into the system). Then, the attacker injects a sequence of desired inputs while simultaneously replaying the output data recorded earlier. The effect of a data replay attack on a discrete-time linear time-invariant (LTI) Gaussian system equipped with an infinite-horizon linear quadratic Gaussian (LQG) controller has been studied by Mo and Sinopoli [11]. The authors have provided conditions on the feasibility of a replay attack. An extension to systems subject to state and input constraints, based on a variation of the receding-horizon control law, has been studied by Zhu and Martinez [20]. In Miao et al.
[21], the authors have studied the relation between control system performance and detection rate for replay attacks. They have employed a finite-horizon, zero-sum, nonstationary stochastic game approach to obtain an optimal control policy in the presence of replay attacks.

The deception attack is another important class of cyberphysical attacks, which sends false data via a sensor or controller. It is designed to deceive the monitoring system into assuming that the plant is operating nominally. Scenarios where bad data detectors fail to detect deception attacks have been investigated by Teixeira et al. [22]. By relaxing the assumption that an attacker has perfect knowledge of the system, the authors have studied the relation between the accuracy of the model known to an attacker and the potency of a deception attack. A false data injection (FDI) attack is a subclass of deception attacks performed on the sensors, requiring knowledge of the system. The seminal work of Liu et al. [12,23] drew attention to the vulnerability of bad data detectors and discussed, for the first time, FDI attacks against state estimation in electric power grids. For a discrete-time LTI Gaussian system equipped with an LQG controller, Mo and Sinopoli [24] have shown how to design the input to the state estimator by providing a necessary and sufficient condition under which an attacker can destabilize the system undetected. Li et al. [25] have studied an FDI attack on an NCS in a Stackelberg game (leader–follower game) framework. For a comprehensive review of FDI attacks on power systems, the reader is referred to the work of Liang et al. [26].

Here, we are concerned with another subclass of deception attacks known as the zero-dynamics attack (ZDA). A ZDA is an open-loop stealthy attack that targets the internal dynamics of an NCS. The construction of a ZDA requires knowledge of the system. A ZDA targets the class of non-minimum-phase systems by exploiting their unstable zeros.
The existence of a geometrically increasing input with no apparent change at the output makes a ZDA a serious threat. Using a geometric control framework [27,28], the stealthiness properties of a ZDA on an LTI system have been characterized by Teixeira [13]. Based on these results, the design of an FDI in the control signal generated by an LQG controller that remains stealthy has been discussed by Keller and Sauter [29]. A better understanding of how ZDAs are constructed will lead to more effective means to protect against such attacks. With this motivation, in this paper we make the following contributions:

1. we generalize the approach of Teixeira [13] to construct a ZDA by considering the effect of the output feedback control, which was ignored in [13]; this entails state estimation via Kalman filtering;
2. we demonstrate, for the first time, the effects of a ZDA on three industrial processes: the Tennessee Eastman process (TEP) [30], the sextuple tank process (STP) [31] and a sugar mill system [32]. A simplified version of the TEP has been studied by Mo et al. [33] to detect a replay attack;
3. we compare two approaches for constructing a ZDA, emphasizing the computational aspects of the algorithms and studying their effects on the three industrial processes, referring the interested reader to the theoretical results in the literature.

The paper layout is as follows: Section 2 provides a model of the NCS under attack and the assumptions needed to construct a ZDA. In Section 3, we discuss two approaches for constructing a ZDA. In Section 4, we demonstrate the two approaches using three industrial processes. Finally, Section 5 concludes the paper.

Notation. For an $n \times n$ matrix $X$, by $X \geq 0$ we mean that $X$ is positive semidefinite. For any matrix $X$, $\mathrm{Im}(X)$ denotes the range space of $X$ and $\mathrm{null}(X)$ denotes the null-space of $X$. $I_n$ is the $n \times n$ identity matrix.

Fig. 1. Networked control system (NCS) under attack.

2. Networked control system model

Consider the networked control system (NCS) shown in Fig. 1, which consists of a plant, a communication network connecting the plant to a controller, and an anomaly detector that has access to both the sensor and the actuator data. We consider a scenario where an attacker who does not have access to the sensor and actuator data injects false data into the actuator channels without detection by the anomaly detector. A linear time-invariant state-space representation of the NCS in discrete time is given by

$$x_{k+1} = A x_k + B \mu_k + w_k \quad (1)$$
$$y_k = C x_k + v_k \quad (2)$$
$$\mu_k = u_k + a_k \quad (3)$$

where $x_k \in \mathbb{R}^n$ is the state at time $k$, $u_k \in \mathbb{R}^q$ is the feedback control law transmitted to the plant via the actuator channels, $y_k \in \mathbb{R}^m$ is the sensor data transmitted to the controller via the sensor channels, and $a_k \in \mathbb{R}^q$ is the attack vector injected into the actuator channels. $w_k \in \mathbb{R}^n$ and $v_k \in \mathbb{R}^m$ are zero-mean white noise with

$$\mathrm{var}\begin{pmatrix} w_k \\ v_k \end{pmatrix} = \begin{pmatrix} W & 0 \\ 0 & V \end{pmatrix}$$

where $W \geq 0$ and $V \geq 0$. Matrices $A$, $B$ and $C$ are of appropriate dimensions.

Remark 1. In general, the network communication layer is prone to packet losses, delays and other network-related issues. Therefore, the sensor and actuator data will be unreliable. There is substantial literature concerned with such issues. But to focus on the dynamics of the NCS due to false data injection (FDI), these issues are not considered. We make the following assumption.

Assumption 1. In the absence of an attack, communication from the sensors to the controller and from the controller to the plant is reliable, i.e., in Fig. 1, $\nu_k = y_k$ and $\mu_k = u_k$. During an attack, communication from the sensors to the controller is reliable, but from the controller to the plant is unreliable, i.e., $\nu_k = y_k$ and $\mu_k \neq u_k$.
In the absence of an attack, the NCS model (1)–(3) can be written as

$$\bar{x}_{k+1} = A \bar{x}_k + B \bar{u}_k + w_k \quad (4)$$
$$\bar{y}_k = C \bar{x}_k + v_k \quad (5)$$
$$\bar{u}_k = u_k \quad (6)$$

Subtracting (4)–(6) from (1)–(3), the NCS dynamics due to an FDI attack are given by

$$\tilde{x}_{k+1} = A \tilde{x}_k + B(\tilde{u}_k + a_k) \quad (7)$$
$$\tilde{y}_k = C \tilde{x}_k \quad (8)$$
$$\tilde{u}_k = u_k - \bar{u}_k \quad (9)$$

where $\tilde{x}_k := x_k - \bar{x}_k$ and $\tilde{y}_k := y_k - \bar{y}_k$. Without loss of generality, let $k = 0$ be the time when an attack is initiated. Then we have $\bar{x}_0 = x_0 \Rightarrow \tilde{x}_0 = 0$. In addition to Assumption 1, we make the following standard assumptions [13,29].

Assumption 2. The attacker has knowledge of the system (4)–(6).

Assumption 3. $m \leq q \leq n$. Matrices $B$ and $C$ are full rank, i.e., $\mathrm{rank}(B) = q$ and $\mathrm{rank}(C) = m$. Moreover, the system (4)–(6) is minimal.

Assumption 4. $(A, C)$ is observable and $(A, B)$ is controllable.

Assumption 5. The system (4)–(6) is stable.

Remark 2. Assumption 2 is required to construct a state-space model whose output forms the attack vector. In Assumption 3, the condition $q \leq n$ is required to obtain the subspace $\mathcal{B} = \mathrm{Im}(B) \subseteq \mathbb{R}^n$ restricted to the column space of the input matrix $B$. Similarly, the condition $m \leq n$ is required to obtain the subspace $\mathcal{C} = \mathrm{null}(C) \subseteq \mathbb{R}^n$ restricted to the null-space of the output matrix $C$. Finally, the condition $m \leq q$ is needed to ensure that $CB(CB)^T$ has full rank.

The conditions for a stealthy attack can be stated as the following lemma.

Lemma 1. The system (1)–(3) is attackable without being detected if and only if the system states can be excited such that $\limsup_{k \to \infty} \|\tilde{x}_k\| = \infty$ and $\|\tilde{y}_k\| \leq \gamma$ for all $k \geq 0$ and some $\gamma > 0$.

3. Zero-dynamics attack construction

We discuss two approaches for constructing a zero-dynamics attack (ZDA) on an NCS. In [13], a ZDA is constructed based on the geometric control approach [27,28]: the attack vector $a_k$ is the output of an autonomous dynamic system (ZDA via output feedback). In [29], a fault detection and isolation based approach has been used and the attack vector $a_k$ is generated from the states of a stable system (ZDA via state feedback). We begin with a review of some relevant results in geometric control.

Consider a dynamical system given by

$$z_{k+1} = A z_k + B u_k \quad (10)$$
$$y_k = C z_k \quad (11)$$

where $z_k \in \mathbb{R}^n$ is the state at time $k$, $u_k \in \mathbb{R}^q$ is the input and $y_k \in \mathbb{R}^m$ is the output.

Definition 1 ([38]). A subspace $\mathcal{V} \subseteq \mathbb{R}^n$ is $A$-invariant if $A\mathcal{V} \subseteq \mathcal{V}$.

A property of an $A$-invariant subspace is the following [38, Property 3.2.1]. A subspace $\mathcal{V}$ with a basis matrix $Q$ is $A$-invariant if and only if there exists a matrix $X$ such that

$$AQ = QX \quad (12)$$

See [38, pp. 128] for a proof. Let $\mathcal{B} = \mathrm{Im}(B)$; a controlled invariant subspace can be defined as follows [27,37,38].

Definition 2. A subspace $\mathcal{V} \subseteq \mathbb{R}^n$ is $(A, \mathcal{B})$-controlled invariant if $A\mathcal{V} \subseteq \mathcal{V} + \mathcal{B}$.

A useful property is the following [38, Property 4.1.4]. A subspace $\mathcal{V}$ with a basis matrix $Q$ is controlled invariant if and only if there exist matrices $X$ and $U$ such that

$$AQ = QX + BU$$

See [38, pp. 202] for a proof. A controlled invariant subspace can be transformed into a simple invariant subspace via a suitable state feedback [38, Theorem 4.1.2].

Theorem 2. A subspace $\mathcal{V}$ is an $(A, \mathcal{B})$-controlled invariant subspace if and only if there exists a matrix $F$ such that $(A + BF)\mathcal{V} \subseteq \mathcal{V}$.

See [38, pp. 202] for a proof.

Remark 3. From Theorem 2, there exists a nonempty subspace $\mathcal{V}$ and a matrix $F$ such that if the control law is taken as $u_k = F z_k$ for all $k$, then the system (10)–(11) enters the $(A, \mathcal{B})$-controlled invariant subspace $\mathcal{V}$ and is restricted to this subspace for all $k$, i.e., $(A + BF)\mathcal{V} \subseteq \mathcal{V}$. This result is illustrated in Fig. 2.

Fig. 2. $(A, \mathcal{B})$-controlled invariant subspace.

If the controlled invariant subspace $\mathcal{V}$ is contained in $\mathcal{C} = \mathrm{null}(C)$, we obtain an output-nulling controlled invariant subspace [39,40]. Among the set of these subspaces $\mathcal{V} \subseteq \mathcal{C}$, the maximal element $\mathcal{V}_m$ is called the maximal output-nulling invariant subspace [38]. An algorithm to determine $\mathcal{V}_m$ can be found in [38, Algorithm 4.1.2, pp. 204], [41].
3.1. Zero dynamics

A related problem in geometric control is that of zero dynamics [34–36], which requires the system output to be zero for nonzero initial conditions and input. Zero dynamics can be understood using the notion of a controlled invariant subspace [27,35,37,38]. The eigenvalues of $A + BF$ restricted to the eigenspace spanned by $\mathcal{V}_m$ are referred to as the zeros of the system (10)–(11). For $z_0 \in \mathcal{V}_m$ and $u_k = F z_k$ for all $k$, the system will remain in the subspace $\mathcal{V}_m$ with the output in (11) identically zero for all $k \geq 0$.

3.2. ZDA via output feedback

Taking the approach in [13], a ZDA can be constructed as

$$z_{k+1} = (A + BF) z_k, \quad z_0 \in \mathcal{V}_m \quad (13)$$
$$a_k = F z_k \quad (14)$$

with $F$ such that $(A + BF)\mathcal{V}_m \subseteq \mathcal{V}_m$. The attack vector $a_k$ is then fed to the NCS (1)–(3). By taking $\tilde{x}_0 = z_0$, the output in (8) is guaranteed to satisfy the conditions of a stealthy attack in Lemma 1.

Remark 4. Note the apparent contradiction in the choice of $\tilde{x}_0 = 0$ in the model (7)–(9) and $\tilde{x}_0 = z_0 \in \mathbb{R}^q$ for the output-nulling condition. To make progress, we require that $z_0$ is close to the origin [13].

Remark 5. If the output-nulling condition is satisfied, i.e., $\tilde{y}_k$ is at the origin for all $k \geq 0$, the output feedback control in (7) can be dropped. But $\tilde{y}_k$ is not at the origin, so we consider its effect, which was ignored in [13].

Thus, the NCS dynamics due to a ZDA including the output feedback control are given by (7), where $\tilde{u}_k = -K \hat{x}_k$ and the controller dynamics are given by

$$\hat{x}_{k+1} = A \hat{x}_k + B \tilde{u}_k + L(\tilde{y}_k - C \hat{x}_k)$$

where $\hat{x}_k$ is the state estimate from the Kalman filter, $K$ is the feedback gain and $L$ is the observer gain. The dynamics of the augmented state vector $\xi_k = (\tilde{x}_k^T, \hat{x}_k^T)^T$ are given by

$$\xi_{k+1} = \tilde{A}\xi_k + \tilde{B} a_k, \quad \tilde{y}_k = \tilde{C}\xi_k, \quad \xi_0 = 0 \quad (15)$$

where

$$\tilde{A} = \begin{bmatrix} A & -BK \\ LC & A - BK - LC \end{bmatrix}, \quad \tilde{B} = \begin{bmatrix} B \\ 0 \end{bmatrix}, \quad \tilde{C} = \begin{bmatrix} C & 0 \end{bmatrix} \quad (16)$$

It follows from the output-nulling condition that $\xi_0$ is not identically zero but close to the origin. Consider the solution of (15) for $k > 0$,

$$\xi_k = \tilde{A}^k \xi_0 + \sum_{i=0}^{k-1} \tilde{A}^{k-1-i} \tilde{B} F (A + BF)^i z_0 .$$

At the start of the attack, since $z_0 \in \mathcal{V}_m$ is close to the origin, the first term dominates. As the attack continues, $z_k$ increases geometrically, which results in the second term dominating and thus $\limsup_{k \to \infty} \|\xi_k\| = \infty$. Finally, if the open-loop system is unstable, there is a possibility that the attack vector excites the unstable modes of $A$. To avoid this, $z_0$ should be further restricted to the eigenspace of the stable poles of $A$.

3.3. ZDA via state feedback

The approach in [29] uses state feedback to construct a ZDA offline based on an attacker's knowledge of the system. Consider again the NCS model (7)–(9). Substituting $a_k = -K_a \tilde{x}_k$, we obtain the autonomous system

$$\tilde{x}_{k+1} = (A - BK_a)\tilde{x}_k + \delta_{k,0} F_a d_a, \quad \tilde{x}_0 = 0 \quad (17)$$
$$\tilde{y}_k = C \tilde{x}_k$$

where $\delta_{k,0}$ is the Kronecker delta,

$$\delta_{i,j} = \begin{cases} 1 & \text{if } i = j \\ 0 & \text{if } i \neq j, \end{cases}$$

$F_a \in \mathbb{R}^{n \times n_z}$ and $d_a \in \mathbb{R}^{n_z}$, with $n_z$ the number of unstable zeros of the system. The second term on the right in (17) is responsible for exciting $\tilde{x}_k$, with $d_a$ close to the origin. The matrices $K_a$ and $F_a$ are designed such that the plant states for $k \geq 0$ are contained in the $(A, \mathcal{B})$-controlled invariant subspace. We consider three scenarios below.

Before attack ($k < 0$): $\tilde{x}_k = 0$ and $\tilde{y}_k = 0$.

Start of attack ($k = 0$): $\tilde{x}_1 = F_a d_a$ and $\tilde{y}_1 = C F_a d_a$. To satisfy the output-nulling condition we must have $C F_a = 0$, since $d_a \neq 0$. If $C_\perp$ is an $(n - m) \times n$ matrix of rank $n - m$ whose rows are orthogonal to the rows of $C$, then the projection theorem gives

$$I = C^T (C C^T)^{-1} C + C_\perp^T (C_\perp C_\perp^T)^{-1} C_\perp$$
$$\Rightarrow F_a = [I - C^T (C C^T)^{-1} C]\,\bar{F} \quad (18)$$

for any $\bar{F} \in \mathbb{R}^{n \times n_z}$.

During attack ($k > 0$): $\tilde{x}_l = (A - BK_a)^{l-1} F_a d_a$ and $\tilde{y}_l = C (A - BK_a)^{l-1} F_a d_a$ for $l > 1$. To satisfy $\tilde{y}_l = 0$, $l > 1$, we need to design $K_a$ such that $C(A - BK_a) = 0$. Using the projection theorem, we are led to

$$K_a = [I - B^T C^T (C B B^T C^T)^{-1} C B]\,\bar{K} + B^T C^T (C B B^T C^T)^{-1} C A \quad (19)$$

for any $\bar{K} \in \mathbb{R}^{q \times n}$.

We use the notion of an $A$-invariant subspace to show how the plant states can be excited to infinity. Note that in (12), if $X$ is a diagonal matrix, then the columns of $Q$ are the eigenvectors of $A$ and $AQ = QX$ is an eigenvalue problem. Let $X = \mathrm{diag}(z_1, \ldots, z_{n_z})$, where $z_j$, $j = 1, \ldots, n_z$, are the invariant zeros, and $Q = F_a$; then

$$(A - BK_a) F_a = F_a\, \mathrm{diag}(z_1, \ldots, z_{n_z}) \quad (20)$$

All that remains is to choose $\bar{F}$ in (18) such that (20) is satisfied, which restricts the plant states to the controlled invariant subspace. Finally, if the open-loop system is unstable then, in addition to $F_a$ satisfying (20), the columns of $F_a$ are taken orthogonal to the eigenvectors corresponding to the unstable poles of $A$.

4. Simulations

We present simulation results to illustrate the construction of ZDAs on three industrial processes. Our aims are threefold: (i) to demonstrate the construction of a ZDA by exploiting unstable zeros in a system; (ii) to highlight the consequences of such an attack; (iii) to compare the performance of two different approaches for constructing a ZDA.

4.1. Tennessee Eastman Process

The Tennessee Eastman process (TEP) [30] is a nonlinear industrial process that consists of five process units: a two-phase reactor, stripper, compressor, separator and mixer. The TEP has been widely used as a case study for fault diagnosis [42] and system identification [43,44]. It is an 8th-order MIMO system with four inputs that represent valve positions for controlling the flow of reactants and four outputs that represent product flow measurement, pressure, amount of reactant in purge and liquid inventory. Let the state vector be $x_k = (x_{1,k}, \ldots, x_{8,k})^T$. Then the state variables $x_{1,k}, \ldots, x_{4,k}$ represent the molar holdup of reactants and $x_{5,k}, \ldots, x_{8,k}$ represent the valve positions of feed 1, feed 2, purge and product at time $k$, respectively. For a detailed description of the model the reader is referred to [30].
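To make the two constructions of Sections 3.2 and 3.3 concrete, here is an added example, not code from the paper: a pure-Python implementation of the output-feedback construction (13)–(14) and of the state-feedback gains (18)–(19), used as an exposure check on a constructed 2-state SISO plant with one unstable zero (is there a zero outside the unit circle, and how small does $\tilde{y}_k$ stay at the detector while $\tilde{x}_k$ diverges). It assumes the SISO, relative-degree-one case $CB \neq 0$, where $\mathcal{V}_m = \mathrm{null}(C)$ and the inverses in (18)–(19) are scalars; the plant, the helper names and `run_demo` are the example's own.

```python
# Added example (not the paper's code): Sections 3.2 and 3.3 on a constructed
# 2-state SISO plant. Assumption: SISO with CB != 0 (relative degree one), so
# Vm = null(C) and the matrix inverses in (18)-(19) reduce to scalars.

def matvec(M, v):
    return [sum(m * x for m, x in zip(row, v)) for row in M]

def rowvec(c, M):
    """c M for a row vector c given as a flat list."""
    return [sum(c[i] * M[i][j] for i in range(len(c))) for j in range(len(M[0]))]

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def closed_loop(A, b, f, sign):
    """A + sign * b f for a column b and a row f, both flat lists."""
    n = len(A)
    return [[A[i][j] + sign * b[i] * f[j] for j in range(n)] for i in range(n)]

# Constructed plant (not one of the paper's processes): controllable canonical
# form of G(z) = (z - 1.5) / ((z - 0.2)(z - 0.3)). Stable poles (Assumption 5)
# and one unstable, non-minimum-phase zero at 1.5, so a ZDA exists.
PLANT_A = [[0.0, 1.0], [-0.06, 0.5]]
PLANT_B = [0.0, 1.0]        # the single column of B
PLANT_C = [-1.5, 1.0]       # the single row of C

def output_feedback_friend(A, B, C):
    """Section 3.2: a friend F with (A + BF) null(C) within null(C).
    When CB != 0, F = -(CB)^{-1} C A works for every vector in null(C)."""
    cb = dot(C, B)
    if abs(cb) < 1e-12:
        raise ValueError("CB = 0: relative degree > 1 is outside this example")
    return [-x / cb for x in rowvec(C, A)]

def state_feedback_gains(A, B, C, Kbar, Fbar):
    """Section 3.3, (18)-(19) in the SISO case: CB and C C^T are scalars."""
    cb, cct, ca = dot(C, B), dot(C, C), rowvec(C, A)
    g = cb / (cb * cb)                       # (CB)^T (CB B^T C^T)^{-1}
    Ka = [(1.0 - g * cb) * k + g * a for k, a in zip(Kbar, ca)]   # (19)
    cf = dot(C, Fbar)
    Fa = [fb - c * cf / cct for fb, c in zip(Fbar, C)]           # (18): project Fbar onto null(C)
    return Ka, Fa

def invariant_zero(A, B, F, v):
    """Eigenvalue of A + BF on span(v) for v in null(C): a zero of the system.
    |zero| > 1 is the exposure condition behind Lemma 1 and Section 3.1."""
    w = matvec(closed_loop(A, B, F, 1.0), v)
    i = max(range(len(v)), key=lambda j: abs(v[j]))
    return w[i] / v[i]

def zda_output_feedback(A, B, C, F, z0, steps):
    """(13)-(14) feeding the deviation model (7)-(8) started from x~_0 = 0 (Remark 4).
    Returns (attack sequence, max |y~_k| seen by the detector, final ||x~_k||)."""
    Acl = closed_loop(A, B, F, 1.0)
    z, xt, attack, resid = list(z0), [0.0] * len(z0), [], []
    for _ in range(steps):
        a = dot(F, z)                                   # (14)
        attack.append(a)
        resid.append(abs(dot(C, xt)))                   # (8): detector residual
        xt = [s + bi * a for s, bi in zip(matvec(A, xt), B)]   # (7) with u~_k = 0
        z = matvec(Acl, z)                              # (13)
    return attack, max(resid), dot(xt, xt) ** 0.5

def zda_state_feedback(A, B, C, Ka, Fa, da, steps):
    """(17): x~_{k+1} = (A - B Ka) x~_k + delta_{k,0} Fa da with a_k = -Ka x~_k."""
    Acl = closed_loop(A, B, Ka, -1.0)
    xt, attack, resid = [0.0] * len(Fa), [], []
    for k in range(steps):
        a = -dot(Ka, xt)
        attack.append(a)
        resid.append(abs(dot(C, xt)))
        xt = matvec(Acl, xt)
        if k == 0:
            xt = [s + f * da for s, f in zip(xt, Fa)]  # the impulse term of (17)
    return attack, max(resid), dot(xt, xt) ** 0.5

def run_demo(eps=1e-6, steps=40):
    A, B, C = PLANT_A, PLANT_B, PLANT_C
    v = [1.0, 1.5]                           # basis of null(C), i.e. Vm for this plant
    F = output_feedback_friend(A, B, C)
    Ka, Fa = state_feedback_gains(A, B, C, Kbar=[0.0, 0.0], Fbar=[1.0, 0.0])
    a_of, resid_of, norm_of = zda_output_feedback(A, B, C, F, [eps * x for x in v], steps)
    # same initial condition for both approaches (z0 = Fa da) to compare the sequences
    a_of2, _, _ = zda_output_feedback(A, B, C, F, [f * eps for f in Fa], steps)
    a_sf, resid_sf, _ = zda_state_feedback(A, B, C, Ka, Fa, eps, steps + 1)
    return {
        "F": F, "Ka": Ka, "Fa": Fa,
        "zero": invariant_zero(A, B, F, v),
        "max_residual": resid_of, "final_state_norm": norm_of,
        "max_residual_sf": resid_sf,
        "max_sequence_gap": max(abs(x - y) for x, y in zip(a_of2, a_sf[1:])),
    }

if __name__ == "__main__":
    for key, val in run_demo().items():
        print(f"{key}: {val}")
```

With $z_0 = \epsilon v$ the residual never exceeds $|CAv|\,\epsilon$ and decays with the stable poles of $A$, while the state grows as $1.5^k$; the state-feedback sequence equals the output-feedback one shifted by one step, which is the agreement Section 4 reports for the three processes.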
We consider a discretized model after linearizing using a sampling time Ts = 0.17 s. The system matrices are: A = bdiag(A1 , A2 , A3 ) where A1 = .79 [ 0 00 [ .02 .04 [ A2 = .99 .06 −.09 .49 ] ⎡ .30 0 0 0 0 0 .09 .01 0 0 0 0 −.18 −.09 0 0 0 A3 = −.09 .98 ⎢ 0 ⎢ 0 ⎢ ⎢ .64 B=⎢ ⎢1.58 ⎢ ⎢ 0 ⎣ 0 0 −1.160 ] −.19 0 00 .18 ] .31 , 1.18 0 1.33 0 .37⎥ ⎢−4.25 ⎢ 0 .21⎥ ⎢ ⎥ ⎢ 0 ⎥ T ⎥, C = ⎢ 0 ⎢ 0 ⎥ 0 ⎢ ⎥ ⎢ 0 0 ⎥ ⎣ ⎦ 0 0 0 .18 ⎤ ⎡ 0 0 0 0 8 0 0 0 0 0 0 0 0 −.07 1.5 0 0 0⎥ 0⎥ ⎥ 0⎥ ⎥ 8⎥ ⎥ 0⎥ ⎦ 0 1 ⎤ The process and measurement noise covariances were taken as W = 10−4 I8 and V = 10−2 I4 . 4.1.1. ZDA via output feedback A basis matrix Q for Vm was constructed as outlined in [38, Algorithm 4.1.2, pp. 204]. Q was initialized to a basis matrix for C = null(C ) which was determined via a singular value decomposition (SVD) of C T and choosing the last n − m columns of the left singular vectors matrix. A−1 needed in subsequent steps was precomputed. Note that the block diagonal structure of A leads to A−1 = bdiag(A1 −1 , A2 −1 , A3 −1 ). We found [ Q = Q1 0 ⎡ .95 0 ⎢.29 , Q1 = ⎣ Q 0 ] 2 0 0 0 −1 0 ⎤ ⎡ ⎤ 0 0 0 ⎥ ⎢−.99⎥ ,Q = ⎣ 0 ⎦ 2 −.04⎦ −1 0 Fig. 3. TEP under ZDA via output feedback. The state feedback matrix F such that (A + BF )Vm ⊆ Vm was determined as outlined in [38, Algorithm 4.1.3, pp. 205] which yielded ⎡ ⎢ F =⎢ ⎣ −2.97 −.93 −12.17 0 0 0 −47.98 −15.05 −196.46 0 0 0 0 0 .62 0 0 0 0 0 0 −13.08 0 0 0 −.65 0 0 The output feedback control ũk is shown in Fig. 3(c) and the output due to the ZDA ỹk is shown in Fig. 3(d). From Fig. 3(a), the attack signal alternates with an exponentially growing amplitude. We determine from Fig. 3(b) that the ZDA will excite the components x6,k and x7,k of the NCS to infinity. Recall that x6,k and x7,k represent the plant valve positions for feed 2 of the reactant and purge respectively. As x6,k approaches infinity much faster than x7,k , this will cause an imbalance in the proportion of the reactant. Thus, disturbing the entire chemical process. 
We can see from Fig. 3(d) that the TEP output due to the ZDA ỹk is close to the origin so the TEP output yk will remain close to the nominal value ȳk and the attack will remain stealthy. Furthermore, by choosing zo sufficiently close to the origin, the output feedback control ũk is close to the origin as shown in Fig. 3(c). ⎤ 0 0⎥ ⎥ 0⎦ 0 We found that the system has a single unstable zero at −1.226. The open loop system has an unstable pole at 1.185. The corresponding eigenvector is (0, 0, 0, 0, 0, 0, 0, 1)T . To construct a ZDA we require zo orthogonal to this eigenvector. We take zo = 3.33 × 10−6 (0T , Q2T )T . It is easy to see that the attack vector ak = (a1,k , . . . , a4,k )T has zero entries except in a2,k . The trajectory of a2,k for 13.6 s is shown in Fig. 3(a). The ZDA excites components x̃6,k and x̃7,k of the system. The trajectories are shown in Fig. 3(b). 103 S.A. Pasha and A. Ayub Journal of Process Control 105 (2021) 99–107 4.2. Sextuple tank process The sextuple tank process (STP) consists of three tank plants coupled through the inputs. A typical tank module contains a pump with a water basin and two tanks. The two tanks are configured such that water from the upper tank can flow into the lower tank while the water from the lower tank flows into the reservoir. The STP can be modelled as a 6-th order multiple-inputmultiple-output system. The objective is to regulate water levels in the lower tanks by controlling the inlet flows to the three way valves. The three inputs are three pump voltages and three outputs that are water levels of the lower tanks: tank 2, tank 4 and tank 6. The six STP states are the water levels in all tanks, i.e., tank 1, . . . , tank 6. We consider a discrete-time STP model [31] with sampling time Ts = 0.25 s. 
The system matrices are: A = bdiag(A1 , A1 , A1 ) where .90 A1 = .08 [ ] 0 , BT = 10−3 .90 C = bdiag(C1 , C1 , C1 ), [ .1 [ .1 ] 0 0 1.1 C1 = 0 3.8 0 0 0 .2 .2 0 0 3.7 0 0 0.2 2.7 ] 1 The process and measurement noise covariance matrices are taken as W = 10−5 I4 and V = 10−1 I2 . 4.2.1. ZDA via output feedback A basis matrix Q for Vm was constructed as outlined in [38] for an initial value of null(C ) which yielded [ Q = q1 q2 q3 = bdiag(−e1 , e1 , e1 ), e1 = (1, 0)T . ] The state feedback matrix F satisfying (A + BF )Vm ⊆ Vm was determined as outlined in [38] which yielded Fig. 4. TEP under ZDA via state feedback. [ −1.093 1.298 F = 10 −0.085 0 0 0 3 4.1.2. ZDA via state feedback The matrices Ka and Fa were computed from (18) and (19) respectively which yielded 2.6 ⎢ 0 Ka = ⎢ ⎣42.2 0 2.0 0 33.2 0 12.1 0 196.4 0 [ 0 0 ⎡ Fa = 0 0 0 0 0 −0.6 0 0 0 −5.0 0 0 6.3 0 0 −.998 −.049 0 0 135.5 0 0 −.025 −.546 .035 .021 −.025 −.030 0 0 0 0 0 0 ] The open loop system is stable. The STP has a pair of complex unstable zeros at 1.016 ± i.791. To generate a ZDA, a suitable choice of zo is zo = 10−5 (.5q1 − 3.1q2 + 19q3 ) 24.9 0 ⎥ ⎥ 402.0⎦ 6.3 ⎤ [ = 10−5 −.5 0 −3.1 0 19 ]T 0 The trajectories of the components of the attack vector ak = (a1,k , a2,k , a3,k )T for 35 s are shown in Fig. 5(a). The ZDA excites the state components states x̃1,k , x̃3,k and x̃5,k as shown in Fig. 5(b). The output feedback control ũk (not shown) was found to be close to the origin. Fig. 5(c) shows the output due to the ZDA. It is clear from Fig. 5(b), that the plant states x1,k , x3,k and x5,k will be driven to infinity. The water level in tank 5 will drop rapidly causing the lower tank to overflow while the water level in tank 3 will increase rapidly by pumping water from the reservoir until it overflows. Thus, destabilizing the system. Since ỹk remains close to the origin in Fig. 5(c), the system output yk will be close to the nominal value ȳk and the attack will remain stealthy. 
]T with F̄ = (0, 0, 0, 0, 0, −.998, −.049, 0)T satisfying (20) chosen by inspection. da = 3.33 × 10−6 was taken. It is easy to see that the attack vector ak has zero entries except in a2,k . The trajectory is shown in Fig. 4(a). The trajectories of x̃6,k and x̃7,k excited by the ZDA are shown in Fig. 4(b). The output of the NCS due to the ZDA is show in Fig. 4(c). The plots appear to be very similar to the case where a ZDA is constructed via output feedback with one difference. For the same initial conditions, the energy of the attack signal a2,k constructed via output feedback is higher which destabilizes the system more rapidly. The computation time for constructing a ZDA using both approaches was obtained by averaging over 1000 runs on a 2.53 GHz processor utilizing 2 cores. The computation time for the output feedback approach was 0.55 ms compared to the state feedback approach which took 0.85 ms to construct the attack trajectory. 4.2.2. ZDA via state feedback The matrices Ka and Fa were computed from (18) and (19) which yielded 1094 Ka= −1298 85 [ 104 11105 −13180 863.3 25.2 546.9 −35.8 255.5 5552.6 −363.7 −21.6 25.7 30.8 −219.7 260.8 312.8 ] S.A. Pasha and A. Ayub Journal of Process Control 105 (2021) 99–107 Fig. 6. STP under ZDA via state feedback. Fig. 5. The STS under ZDA via output feedback. Fa = bdiag(E1 , E1 , E1 )F̄ , [ E1 = 1 0 0 0 ] Ts = 0.5 s gives ⎡ −.0595 −.1656 .6736 ⎢ .2667 A=⎣ .1304 .4252 .0003 .0008 ⎡ ⎤ −.003 .266 ⎢−.010 .522 ⎥ B=⎣ −.009 .118 ⎦ .247 .031 with [ −.024 − i.042 F̄ = −.024 + i.429 0 0 −.154 + i.268 −.154 − i.268 0 0 .949 .949 ]T 0 0 . da = 10−5 was taken. The resulting ZDA is shown in Fig. 6(a). The effect of the attack on the system states is shown in Fig. 6(b). Fig. 6(c) shows the contribution to output by the ZDA. The attack trajectories shown in Fig. 6(a) are very similar to those in Fig. 5(a) for the same initial conditions. Naturally, we expect the attack to destabilize the plant in a similar fashion. 
A comparison of the computation time to generate a ZDA showed that the output feedback approach took 0.886 ms compared to 1.371 ms for the state feedback approach. 2.505 −.001 [ C = .012 −.005 .0009 .0004 .9992 .0008 .011 −.004 ⎤ −.0233 −.0090 ⎥ , .0211 ⎦ .9803 −.360 .079 ] The process and measurement noise covariance matrices are taken as W = 10−4 I4 and V = 4 × 10−4 I2 . 4.3.1. ZDA via output feedback A basis matrix Q for Vm was constructed as outlined above for an initial value of null(C ). Q was found as 4.3. Sugar mill system A sugar crushing mill system can be modelled as a 4-th order system with two inputs: turbine speed and chute flap and two outputs: turbine torque and chute height. A discretized model of the continuous-time sugar mill system [32] for a sampling time [ Q = q1 105 ⎡ .005 ] ⎢.718 q2 = ⎣ .690 .085 ⎤ 0 .692 ⎥ −.721⎦ .001 S.A. Pasha and A. Ayub Journal of Process Control 105 (2021) 99–107 Fig. 7. The sugar mill under ZDA via output feedback. Fig. 8. Sugar mill system under ZDA via state feedback. The state feedback matrix F satisfying (A + BF )Vm ⊆ Vm was determined as outlined above and found as [ .0002 F = .0027 .0405 .6485 .0022 .0151 The resulting ZDA is shown in Fig. 8(a). The effect of the attack on the plant states can be determined from Fig. 8(b) which suggests that the plant will rapidly destabilize. Fig. 8(c) shows the contribution to output by the ZDA. A comparison of Fig. 7(b) and Fig. 8(b) shows that both approaches generate identical attack vectors for the same initial conditions. The computation time for generating a ZDA via output feedback was 1.2 ms compared to 1.53 ms via state feedback. .0027 .0416 ] The open loop system is unstable with the largest eigenvalue of A at unity. The corresponding eigenvector is (.0001, −.0001, −.9992, −.0404)T . To generate a ZDA a suitable choice of zo that is orthogonal to the above eigenvector is z0 = 10−3 q1 . 
The trajectories of the components of the attack vector ak = (a1,k , a2,k )T for 70 s are shown in Fig. 7(a). The attack vector excites all four system states as shown in Fig. 7(b). The output feedback control ũk (not shown) was found to be close to the origin. Fig. 7(c) shows the output due to the ZDA. From Fig. 7(b), we can determine that all plant states will be driven to infinity with x3,k growing the most rapidly. Since ỹk remains close to the origin, the system output yk will be close to the nominal value ȳk and the attack will remain stealthy. 5. Conclusions A zero-dynamics attack (ZDA) targets the internal dynamics of a system and remains stealthy to detectors that monitor a system’s inputs and outputs. In this paper, we have reviewed two approaches for constructing a ZDA based on geometric control and fault detection and isolation techniques. A comparison of the two approaches is presented by demonstrating the attacks on three industrial processes. We have found that the two approaches generate very similar attack trajectories that rapidly destabilize the systems. In this paper, a constraint on the energy of the attack vector was not considered which grows unbounded. Future work will consider construction of a ZDA under energy constraints on the attack vector. We will also investigate conditions under which a ZDA can be constructed under imperfect knowledge of an NCS. 4.3.2. ZDA via state feedback The matrices Ka and Fa were computed from (18) and (19) which yielded [ ] −.104 −.288 −.230 3.943 −.233 −.648 −.014 −.031 [ ]T Fa = .0056 .7271 .6812 .0847 Ka = with F̄ = (.0056, .7271, .6812, .0847)T . da = 10−3 was taken. 106 S.A. Pasha and A. Ayub Journal of Process Control 105 (2021) 99–107 CRediT authorship contribution statement [19] A.-Y. Lu, G.-H. Yang, Input-to-state stabilizing control for cyber-physical systems with multiple transmission channels under denial of service, IEEE Trans. Automat. Control 63 (6) (2017) 1813–1820. [20] M. Zhu, S. 
CRediT authorship contribution statement

Syed Ahmed Pasha: Conceptualization, Methodology, Writing – review & editing, Supervision. Ayesha Ayub: Software, Validation, Investigation, Writing – original draft, Visualization.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References

[1] R. Alur, K.-E. Arzen, J. Baillieul, T. Henzinger, Handbook of Networked and Embedded Control Systems, Springer Science & Business Media, 2007.
[2] J.P. Hespanha, P. Naghshtabrizi, Y. Xu, A survey of recent results in networked control systems, Proc. IEEE 95 (1) (2007) 138–162.
[3] A. Cardenas, S. Amin, B. Sinopoli, A. Giani, A. Perrig, S. Sastry, Challenges for securing cyber physical systems, in: Workshop on Future Directions in Cyber-Physical Systems Security, vol. 5, 2009.
[4] F. Pasqualetti, F. Dörfler, F. Bullo, Cyber-physical attacks in power networks: Models, fundamental limitations and monitor design, in: 50th IEEE Conf. Decision and Control and European Control Conf., 2011, pp. 2195–2201.
[5] A. Teixeira, D. Pérez, H. Sandberg, K.H. Johansson, Attack models and scenarios for networked control systems, in: Proc. 1st Intl. Conf. High Confidence Networked Systems, 2012, pp. 55–64.
[6] H. Fawzi, P. Tabuada, S. Diggavi, Secure estimation and control for cyberphysical systems under adversarial attacks, IEEE Trans. Automat. Control 59 (6) (2014) 1454–1467.
[7] R. Taormina, S. Galelli, N.O. Tippenhauer, E. Salomons, A. Ostfeld, Characterizing cyber-physical attacks on water distribution systems, J. Water Resour. Plan. Manag. 143 (5) (2017).
[8] V.L. Do, L. Fillatre, I. Nikiforov, P. Willett, Security of SCADA systems against cyber–physical attacks, IEEE Aerosp. Electron. Syst. Mag. 32 (5) (2017) 28–45.
[9] R. Langner, Stuxnet: Dissecting a cyberwarfare weapon, IEEE Secur. Priv. 9 (3) (2011) 49–51.
[10] J.P. Farwell, R. Rohozinski, Stuxnet and the future of cyber war, Survival 53 (1) (2011) 23–40.
[11] Y. Mo, B. Sinopoli, Secure control against replay attacks, in: 47th Annual Allerton Conf. Communication, Control, and Computing, 2009, pp. 911–918.
[12] Y. Liu, P. Ning, M.K. Reiter, False data injection attacks against state estimation in electric power grids, ACM Trans. Inf. Syst. Secur. 14 (1) (2011) 1–33.
[13] A. Teixeira, I. Shames, H. Sandberg, K.H. Johansson, Revealing stealthy attacks in control systems, in: 50th Annual Allerton Conf. Communication, Control, and Computing, 2012, pp. 1806–1813.
[14] S. Amin, A.A. Cárdenas, S.S. Sastry, Safe and secure networked control systems under denial-of-service attacks, in: Proc. 12th Intl. Conf. Hybrid Systems: Computation and Control, 2009, pp. 31–45.
[15] Y. Yuan, Q. Zhu, F. Sun, Q. Wang, T. Başar, Resilient control of cyberphysical systems against denial-of-service attacks, in: 6th Intl. Symp. Resilient Control Systems, 2013, pp. 54–59.
[16] H. Zhang, P. Cheng, L. Shi, J. Chen, Optimal denial-of-service attack scheduling with energy constraint, IEEE Trans. Automat. Control 60 (11) (2015) 3023–3028.
[17] G.K. Befekadu, V. Gupta, P.J. Antsaklis, Risk-sensitive control under Markov modulated denial-of-service (DoS) attack strategies, IEEE Trans. Automat. Control 60 (12) (2015) 3299–3304.
[18] C. De Persis, P. Tesi, Input-to-state stabilizing control under denial-of-service, IEEE Trans. Automat. Control 60 (11) (2015) 2930–2944.
[19] A.-Y. Lu, G.-H. Yang, Input-to-state stabilizing control for cyber-physical systems with multiple transmission channels under denial of service, IEEE Trans. Automat. Control 63 (6) (2017) 1813–1820.
[20] M. Zhu, S. Martinez, On the performance analysis of resilient networked control systems under replay attacks, IEEE Trans. Automat. Control 59 (3) (2014) 804–808.
[21] F. Miao, M. Pajic, G.J. Pappas, Stochastic game approach for replay attack detection, in: 52nd IEEE Conf. Decision and Control, 2013, pp. 1854–1859.
[22] A. Teixeira, S. Amin, H. Sandberg, K.H. Johansson, S.S. Sastry, Cyber security analysis of state estimators in electric power systems, in: 49th IEEE Conf. Decision and Control, CDC, 2010, pp. 5991–5998.
[23] Y. Liu, P. Ning, M.K. Reiter, False data injection attacks against state estimation in electric power grids, in: Proc. 16th ACM Conf. Computer and Communications Security, 2009, pp. 21–32.
[24] Y. Mo, B. Sinopoli, False data injection attacks in control systems, in: 1st Workshop on Secure Control Systems, 2010.
[25] Y. Li, D. Shi, T. Chen, False data injection attacks on networked control systems: A Stackelberg game analysis, IEEE Trans. Automat. Control 63 (10) (2018) 3503–3509.
[26] G. Liang, J. Zhao, F. Luo, S.R. Weller, Z.Y. Dong, A review of false data injection attacks against modern power systems, IEEE Trans. Smart Grid 8 (4) (2016) 1630–1638.
[27] G. Basile, G. Marro, Controlled and conditioned invariant subspaces in linear system theory, J. Optim. Theory Appl. 3 (5) (1969) 306–315.
[28] W.W. Murray, Linear Multivariable Control: A Geometric Approach, Springer-Verlag, 1979.
[29] J. Keller, D. Sauter, Monitoring of stealthy attack in networked control systems, in: Conf. Control and Fault-Tolerant Systems, SysTol, 2013, pp. 462–467.
[30] J.J. Downs, E.F. Vogel, A plant-wide industrial process control problem, Comput. Chem. Eng. 17 (3) (1993) 245–255.
[31] D. Copot, A. Maxim, R. De Keyser, C.-M. Ionescu, Multivariable control of sextuple tank system with non-minimum phase dynamics, in: Proc. 2016 IEEE Intl. Conf. Automation, Quality and Testing, Robotics, AQTR, 2016, pp. 399–404.
[32] G. Goodwin, S. Graebe, M. Salgado, Control System Design, Prentice Hall, 2001.
[33] Y. Mo, R. Chabukswar, B. Sinopoli, Detecting integrity attacks on SCADA systems, IEEE Trans. Control Syst. Technol. 22 (4) (2013) 1396–1407.
[34] S. Monaco, D. Normand-Cyrot, Zero dynamics of sampled nonlinear systems, Systems Control Lett. 11 (3) (1988) 229–234.
[35] J. Tokarzewski, Finite Zeros in Discrete Time Control Systems, vol. 338, Springer, 2006.
[36] A. Isidori, The zero dynamics of a nonlinear system: from the origin to the latest progresses of a long successful story, Eur. J. Control 19 (5) (2013) 369–378.
[37] W.M. Wonham, A.S. Morse, Decoupling and pole assignment in linear multivariable systems: a geometric approach, SIAM J. Control 8 (1) (1970) 1–18.
[38] G. Basile, G. Marro, Controlled and Conditioned Invariants in Linear System Theory, Prentice Hall, Englewood Cliffs, NJ, 1992.
[39] B.D. Anderson, Output-nulling invariant and controllability subspaces, IFAC Proc. Vol. 8 (1) (1975) 337–345.
[40] B. Anderson, A note on transmission zeros of a transfer function matrix, IEEE Trans. Automat. Control 21 (4) (1976) 589–591.
[41] E.D. Sontag, Mathematical Control Theory: Deterministic Finite Dimensional Systems, Springer, 1990.
[42] H. Chen, P. Tiňo, X. Yao, Cognitive fault diagnosis in Tennessee Eastman Process using learning in the model space, Comput. Chem. Eng. 67 (2014) 33–42.
[43] B.C. Juricek, D.E. Seborg, W.E. Larimore, Identification of the Tennessee Eastman challenge process with subspace methods, Control Eng. Pract. 9 (12) (2001) 1337–1351.
[44] H. Faris, A. Sheta, Identification of the Tennessee Eastman chemical process reactor using genetic programming, Intl. J. Adv. Sci. Technol. 50 (2013) 121–140.