Cyberattack Defense With Cyber-Physical Alert and Control Logic in Industrial Controllers

Hao Huang, Patrick Wlazlo, Zeyu Mao, Abhijeet Sahu, Katherine Davis, Ana Goulart, Saman Zonouz, Charles M. Davis

Research output: Contribution to journalArticlepeer-review

5 Scopus citations


Power system substations have intelligent electronic devices (IEDs) that collect data and control other devices. As the bridge between the physical and cyber parts of the power system, IEDs capture some key system behaviors. Since adversaries can modify the system&#x2019;s behavior, physical and cyber data can be used to infer characteristics about the adversary. In this paper, we present alert and control logic for hardware-based power system defense using the physical data and communication status in substation IEDs for <italic>cyber threat detection</italic>, <italic>cyber-physical contingency detection and response</italic>, and <italic>physical contingency identification and response</italic>. The proposed alert and control logic routines are implemented in an industrial real-time automation controller (RTAC) using IEC 61131-3&#x00A0;in the Resilient Energy Systems Lab (RESLab) testbed. The goal is to help operators identify adversaries and protect the power grid in a cyber-physical environment. The effectiveness and accuracy of logic schemes are validated under different adversarial scenarios. Comparing the proposed schemes with an intrusion detection system (IDS), Snort, our results also suggest the benefits of using cyber and physical data to identify threats. The results also suggest the use of such hardware-based schemes with software algorithms in a next-generation cyber-physical energy management system (EMS), which can implement automatic control actions to protect power grids and its physical equipment against cyber threats.

Original languageEnglish (US)
Pages (from-to)1-14
Number of pages14
JournalIEEE Transactions on Industry Applications
StateAccepted/In press - 2022

All Science Journal Classification (ASJC) codes

  • Control and Systems Engineering
  • Industrial and Manufacturing Engineering
  • Electrical and Electronic Engineering


  • Communication networks
  • Cyber-physical Power Systems
  • Cyber-physical Security
  • Cyberattack
  • DNP3
  • Hardware-in-the-loop Testbed
  • IEC 61131
  • Power grids
  • Power systems
  • Real-time systems
  • Security
  • Substations


Dive into the research topics of 'Cyberattack Defense With Cyber-Physical Alert and Control Logic in Industrial Controllers'. Together they form a unique fingerprint.

Cite this