INSE 6710: Fundamentals and Applications of

Cyber-Physical Systems

Lecture 1 - Introduction to Cyber-Physical Systems

(CPSs)
Prof. Walter Lucia

Fall - 2022

Fall - 2022 1 / 51

Overview

1 INSE 6710 - Overview

2 Introduction to CPS
Example of CPS: Smart Grids

3 CPSs as Networked Control Systems

4 Cyber-Security and Fault-Tolerant/Robust Control for CPS

Fall - 2022 2 / 51

INSE 6710 - Overview

Fall - 2022 3 / 51
Course Instructor

Background and Formation

• Associate Professor, CIISE, Concordia University
• Home page:
https://users.encs.concordia.ca/~wlucia/index.html

Research Interests:
• Secure and resilient control of cyber-physical systems
• Model predictice control/fault-tolerant control/switching systems
• Control of autonomous vehicles (UGV, UAV)

Fall - 2022 4 / 51

Course Webpage & Office Hours

• In-class lecture: Fridays from 10:15AM to 12:45PM

• Course page: Moodle
• Used to upload lecture slides and material to study
• Used for important communications to the class
• Used to assign and collect the assignment
• There, you can also find the Lecture recordings from past years1
• Office hours:
• By email: send your questions to walter.lucia@concordia.ca
• Using zoom.us:
Monday from 10AM to 11:30AM. The Zoom link is available on
Moodle
By appointment. Send an email to walter.lucia@concordia.ca

1
Disclaimer: some topics (or part of them) covered this year might not be in the recording or be different.
Fall - 2022 5 / 51

Class textbook, prerequisites, and background

• Textbook: there is no required textbook. Suggested research

papers and books are listed in the class outline. Presentation
slides and other material will be made available on Moodle.

• Prerequisites:
• No formal prerequisites
• However, the students are expected to have some basic knowledge of
math, statistics, and basic programming skills.
• Background material (covered in class):
• Linear systems, control design problem, state estimation problem
• Brief introduction to Matlab/Simulink2

2
Students are expected to make an effort to learn the basics of Matlab and Simulink. Matlab will be used for the Assignment
Fall - 2022 6 / 51
Marks Distribution I
• Each student will be awarded a letter grade based on the best
result according to the options (A), (B)3

(A) (B) Date/Deadline

Date: October 14 at 10:15 am
Midterm 1
30% 20% (in-class)
Date: TBA (to be uploaded on
Assignment
30% 30% Moodle)
Date: December 2, at 10:15 am
Midterm 2
40% 50% (in-class)

• The assignment is given after the Midterm 1. The assignment can

be done in groups of at most 2 students.
• An third grading option (C) will be available for students
interested in doing specific research projects (the list of
available projects and complete rules will be available on Moodle).
In this case:
Fall - 2022 7 / 51

Marks Distribution II

• The project must be solved individually and the student must contact the
professor by email indicating his/her interest.
• The project replaces the assignment and the following grading scheme is
used: Midterm 1 (20%), Project (50%), Second Midterm (30%).
• The project can be started at any time and it must end by the last day of
class or shortly thereafter (to be discussed with the professor).

3
Check the class outline for the complete set of rules.
Fall - 2022 8 / 51

Who should take this course

Students interested in the class content and comfortable with

the class rules, requirements, and expectations.

Fall - 2022 9 / 51
 Introduction to CPS

Fall - 2022 10 / 51

What is this course about?

In brief: this class focuses on the security of CPSs

(from a control perspective).

Cyber-Physical Systems (CPSs) = modern engineering systems

performing autonomous tasks and embedding communications and
computational capabilities.

Communication

Computation

Control

http://engineering.utsa.edu/ataha/wp-content/uploads/sites/38/2017/10/EE5243_Module1.pdf

Fall - 2022 11 / 51

Course Description: Content

Plant

+
Network +

Control Logic State Estimation

Anomaly Detection Strategy

Controller

• Modeling CPSs as feedback networked control systems

• Cyber-security concerns associated to cyber-physical systems
• Classes of cyber-attacks affecting the communication channels in
CPSs
• State-of-art solutions for the detection and mitigation of
cyber-attacks in CPSs
Fall - 2022 12 / 51
Background - Computing Evolution

• Mainframe computing (60’s-70’s)

• Large computers to execute big data processing applications

• Desktop computing & Internet (80’s-90’s)

• One computer at every desk to do business/ personal activities

• Ubiquitous computing (00’s)

• Numerous computing devices in every place
• More embedded processor than desktops

• Cyber-Physical Systems (10’s)

Fall - 2022 13 / 51

Why do we need autonomous systems and CPSs?

• Problem 1: Data/Device
Proliferation
• Problem 2: Biological
Evolution

The exponential proliferation of embedded devices is not

matched by a corresponding increase in human ability to
consume information!

Solution: Increase autonomy (humans out of the loop!)

Fall - 2022 14 / 51

What is a Cyber-Physical System?

Modern autonomous engineering systems embedding physical

components, communications, and computational capabilities/
control logic

Communication

Computation

Control

http://engineering.utsa.edu/ataha/wp-content/uploads/sites/38/2017/10/EE5243_Module1.pdf

Fall - 2022 15 / 51
A CPS World - Examples
• Autonomous Vehicles and Intelligent Transportation Systems
• Smart Buildings, Industry 4.0
• Smart Grid
• Biomedical Engineering/ Medical Devices
• And many more

Fall - 2022 16 / 51

CPSs Expectations

• CPSs have the potential to provide farreaching benefits in

addressing some of the problem we face as a society:
• Near-zero automotive traffic fatalities, significantly reduced traffic
congestion and delays
• Blackout-free electricity generation and distribution
• Generally speaking, CPSs are expected to have a positive impact
on the next generation of engineering systems in terms of:
• Autonomy
• Reliability
• Efficiency

Fall - 2022 17 / 51

CPSs complexity and problems

CPSs are complex and heterogeneous engineering systems.

We need cross-disciplinary design principles and analysis tools!

Communication

Computation

Control

• How can we model CPSs?

• How can we ensure security of CPSs against attacks?
• Is traditional cyber-security enough for the security of CPSs?
• Are fault-tolerant/robust control schemes appropriate for CPSs?
• ....many more (see the list in the next slide)
Fall - 2022 18 / 51
CPSs - Concept Map

Fall - 2022 19 / 51

CPSs - Concept Map (covered in this class)

Fall - 2022 20 / 51

CPSs - Expectations and Security Issues

CPS expectations:
• Autonomy
• Reliability
• Efficiency
Security ← warning

• Many cyber attacks against CPSs have been reported and more
are expected
• Stuxnet malware (2010)
• Ukraine Power Grid attack (2015)
• Motivations:
• Cyber Warfare, Commercial Advantage
• Terroristic Attacks
Fall - 2022 21 / 51
Stuxnet Attack ∼ 2010
• Malware that infected the SCADA (Supervisory Control And Data
Acquisition) system controlling an uranium enrichment facility in
Iran
• The control logic and the communication with the HMI (Human
Machine Interface) were altered
• Stuxnet increased centrifuges pressures causing them to spin in
an erratic fashion, which caused plant damages

Fall - 2022 22 / 51

Example of CPS: Smart Grid

Fall - 2022 23 / 51

Example of CPS: Smart Grids

A Smart Grid is a modern electricity distribution system. It uses

sensors, automation, communications to improve flexibility and
reliability of the power grid.

Fall - 2022 24 / 51
Smart Grids - Importance

• Modern society heavily relies on the energy provided by the

electricity systems: it will grow exponentially in the next 20 years
• A power outage impact for businesses can be significant:
The financial impact of power disruption was demonstrated during
the August 2003 blackout, which affected 45 million people in eight
US states and 10 million people in parts of Canada. Healthcare
facilities experienced hundreds of millions of dollars in lost revenue
from canceled services, legal liability, and damaged reputations. Six
hospitals were in bankruptcy 1 year later.4

Smart Grids have been developed to improve efficiency and

resiliency of old electricity systems.

4
Lawrence Bernie, Hancock Martin, Stieva Ginni. White Paper: How unreliable power affects the business value of a hospital?
Schneider Electric, December 2010.
Fall - 2022 25 / 51

Smart Grids - Architecture

• A smart grid has mostly the same physical components of an old
energy distribution system (e.g., generation, transmission,
distributions, power conditioning systems)
• New components include sensors, communication capabilities
and control (→ CPS):
• E.g., synchronized phasor measurement units, energy management
systems, communication networks
• The new components allow a centralized collection of information
about the overall grid status. As a consequence, automation,
reliability/resiliency, and efficiency can now be improved

Fall - 2022 26 / 51

Smart Grids - Improved Resiliency

Resiliency: capability of a given entity to withstand from

unexpected actions, and recover very quickly thereaftera .
a
A formal definition will be given in the next Lectures.

• In energy transmission there is the need to develop maintenance

technologies able to withstand environmental threats (both
intentional and unintentional) and recover in a timely fashion.
• Smart Grids allow to better detect/ isolate/ withstand and mitigate
anomalies (e.g. a faulty transmission line, line overload, etc.)
Fall - 2022 27 / 51
Smart Grids - Greater Efficiency

Energy Loss in Transmission: p(t) = Ri2 (t)

• i(t) = current
• R = line resistance

• Although the energy demand is expected to grow exponentially,

the Electric Power Research Institute predicted that, thanks to the
efficiency of Smart Grids, the annual growth in electricity
consumption will be approximately 0.7% from 2008 to 2035.
• Example of efficiency improvement enabled by smart-grids:
• Users can run non-urgent appliances during off-peak hours (reducing i(t))
• Utilities can provide lower price during off-peak hours to reduce current
picks (reducing i(t)).
• Integration of local renewable energy reduce the long-distance
transmission linear that are energy inefficient (reducing R).

Fall - 2022 28 / 51

Smart Grid - Security Challenges

• A smart grid (or CPS in general), equipped with sensing and

communication capability can be viewed in human terms
• Monitoring and sensing = eyes, ears, nose and sensory receptors of the
brain
• Communication system = mouth, vocal chord and the ears
• Automation system = arms, hands, motor function of the brain
• Manipulation of any one of the smart grid capabilities can affect
the entire grid

Smart Grids rely on Interconnectivity and Interdependency →

digital communication → data exchange → vector for attacks or
vector of propagation through which a successful attack can
spread to other systems

Fall - 2022 29 / 51

Smart Grid - Attack Examples

• Phasor Measurement Units (PMUs) provide sensor information

about the status of the Grid. They are used by the smart grid
control center to, e.g., create a balance between electricity
demand and electricity supply;
• A manipulated reading of a PMU might initiate an unnecessary
load shedding compensation and maybe create a blackout!

In CPSs, cyber-attacks have physical consequences!!

Fall - 2022 30 / 51
 Introduction to Feedback Control Systems

Fall - 2022 31 / 51

What is a Control System?

• The control system is the core of any CPS. It makes sure that a
physical system can autonomously reach a desired objective
• Example: thank level control system
u(t)
y(t)

desired water error signal brain control action water level

level r(t) + e(t) u(t) y(t)
Controller Water Tank
-

feedback/sensor measurements

Fall - 2022 32 / 51

Control Systems5
• The plant is a physical entity that receives inputs u(t) and produce
outputs y(t)
• E.g.: a car, airplane, nuclear plant, a boiler, a toaster, etc...
• The reference signal (or setpoint) r(t) is the plant condition we
want to reach, (e.g., the desired water level)
• To build an autonomous system, we need a logic (algorithm, brain)
to decide how to automatically choose the control actions u(k)
• The control system is the brain of an autonomous physical
system. Given r(t) and y(t), it decides the input u(t) to apply to
the plant so that eventually y(k) = r(k)
Controller
desired reference error signal brain control action
r(t) + e(t) u(t) y(t)
Control Logic Plant
-

feedback/sensor measurements

5
This is not a formal definition of control system
Fall - 2022 33 / 51
Control schemes: open-loop vs closed Loop

• In control systems, we make the distinction between two main

classes of control schemes: open-loop vs closed-loop

closed-loop controller
open-loop controller r(t) + e(t) u(t) y(t)

r(t) u(t) y(t)

Control Logic Plant
-
Control Logic Plant
sensor measurements

• To better understand the philosophy behind control systems:

• Open-loop control: https://goo.gl/HxJ7W8
• Closed-loop (feedback) control: https://goo.gl/rJMa4J
• Control systems components: https://goo.gl/PszPQr

Fall - 2022 34 / 51

Output-Feedback Controller
• If the controller works with the available sensor information y(t)
then it is said to be an output-feedback-controller (e.g., the water
tank control system seen before)
• Control logic: u(t) = f (r(t), y(t))

actuators sensors
A S
A Plantstate x(t) S

u(t) Controller y(t)

control inputs r(t) measurements

Fall - 2022 35 / 51

Feedback Control with State Estimation

• Let x(t) be a set of variables capable of completely characterizing
the status (state) of the plant.
• The sensor measurements y(t) usually give only a partial view of
x(t).
• E.g., for an autonomous car, x(t) = [p(t), v(t)]T (position p and velocity v).
However, if you have a have a velocity sensor but not a GPS, then y = v
• If the controller needs x(t) to work, then the controller is said to be
a state-feedback controller.
• In this case, a state estimation module is needed to obtain a good
estimation x̂(t) of x(t) and the control logic is u(t) = f (r(t), x̂(t))
actuators sensors
A S
A Plantstate x(t) S

u(t) control logic state estimator y(t)

r(t)

Controller
Fall - 2022 36 / 51
Feedback Control with State Estimation - Tasks
• Task 1 - The state estimator6 reconstructs/estimates the state x̂(t)
from the sensor measurements y(t), control inputs u(t), and
mathematical model of the plant’s dynamical behavior.
• Task 2 - Given x̂(t), the control logic 7 computes a sequence of
control inputs u(t) to reach pre-specified control objectives:
• Closed-Loop system stability, Reference tracking (i.e., y(t) reaches the
reference r(t)), etc...

actuators sensors
A S
A Plantstate x(t) S

u(t) control logic state estimator y(t)

r(t)

Controller
6
State-estimators will be studied in Lecture 4
7
Controllers will be studied in Lecture 3
Fall - 2022 37 / 51

CPSs as Networked Control Systems

Fall - 2022 38 / 51

Networked Feedback Control Systems

• Networked Control Systems (NCSs) are closed-loop control
systems where the Plant and the Controller are spatially distant
and a communication channel (wired/wireless) is between them.
• In this class, we model CPSs as NCSs subject to attacks on
the communication channels.
• We consider scenarios where an attacker can potentially intercept
the communication channels and modify/destroy the transmitted
data
actuators sensors
A S
A Plantstate x(t) S

Communication Channel

u(t) control logic state estimator y(t)

r(t)
Networked Controller
Fall - 2022 39 / 51
Securing CPS: objective

actuators sensors
A S
A Plantstate x(t) S

Communication Channel

u(t) control logic state estimator y(t)

r(t)
Networked Controller

• The Networked Controller must be capable of ensuring that the

operational goals (e.g., stability, safety, reference tracking) are met
regardless of the presence of malicious parties attacking the
cyber infrastructure

Fall - 2022 40 / 51

CPSs security challenges: partial list

1 Analysis: which classes of attacks can affect CPS? are there

undetectable attacks?
2 Detection: how can we design an anomaly detector to reveal the
presence of attacks?
3 Identification: how can we understand which subsets of
transmitted information have been corrupted?
4 Robust/resilient state estimation: how can we obtain a correct
state estimation in the presence of cyber-attacks?
5 Robust/resilient control design: how can we design the control
logic to make the control system robust against attacks?
6 Safety: how can we keep the plant “safe” if the communication
channels are unreliable?

Fall - 2022 41 / 51

Cyber-Security and Fault-Tolerant/Robust Control for

CPS

Fall - 2022 42 / 51
Cyber-Security
• In the computer security and sensor network security domains
several proactive and reactive protective security mechanisms
have been developed to secure IT systems:
• Proactive Mechanisms: authentication, access control, message
authentication, sensor network security, software security, redundancy,
diversity, separation of privileges, etc...
• Reactive Mechanisms: detection and response, etc...

Fall - 2022 43 / 51

Standard cyber-security: challenges in CPSs

• Clearly, cyber-security is needed in CPSs

• Some issues and limitations exists
• Human errors, software bugs, misconfigured devices, etc..., create many
vulnerabilities that attacks can use to launch successful attacks8
• Legacy devices might not support secure communication protocols.
• Heterogeneous devices might not be compatible with the same security
standards
• IT security does not take into account the specific features (e.g. dynamics)
of the physical systems (plant)9

Plant’s dynamics (different for A

actuators sensors
S
Plantstate x(t)
each CPS) A S

Communication Channel
ẋ(t) = Ax(t) + Bu(t)
y(t) = Cx(t) u(t) control logic
r(t)
state estimator y(t)

Networked Controller

8
Note that Industrial Control Systems (ICSs) cannot easily be rebooted and patched with security updates when
bug/vulnerability are found out.
9
Plant models will be studies in Lecture 3
Fall - 2022 44 / 51

Fault-Tolerant Control/Robust Control

• In the control system domain, there are strong results on robust
and fault-tolerant algorithms against bounded uncertainties or
physical faults.
• A control system is said fault-tolerant if it allows the physical system to
continue working (perhaps with degraded performance) in the event of the
failure of some of its components.
• A control system is said robust if it can handle bounded uncertainties,
modeling errors, measurement noise, bounded disturbances, etc...

Fall - 2022 45 / 51
Standard Control Theory: challenges in CPSs

• Clearly, fault-tolerant/robust control schemes are needed in

CPSs
• Some issues and limitation exists:
• Fault-Tolerant Control in CPS: intelligent cyber-attacks cannot be
modeled as physical failures.
• Robust control in CPS: The magnitude of the attack vector can be in
principle not limited and therefore it cannot be treated as a disturbance or a
model uncertainty

actuators sensors
A S
A Plantstate x(t) S

Communication Channel

u(t) control logic state estimator y(t)

r(t)
Networked Controller

Fall - 2022 46 / 51

Opportunities in CPSs

• Cyber Security tools and Control Strategies must be properly

combined to solve the CPS security problems.
• There is a need to:
• extend/improve fault-detection/robust-control techniques to cope with
cyber-attaks and ensure graceful (and safe) degradation of performance
under attacks, and prompt recovery thereafter;
• extend/improve cyber-attack detection tools in order to detect and mitigate
cyber-attacks against CPSs;
• Ultimately, we strive for multiple independent layers of security
running in parallel.
Fall - 2022 47 / 51

Next Lectures Roadmap

Fall - 2022 48 / 51
Next Lectures (tentative lecture schedule)
• Lecture 2: Security of CPS from a control perspective, classes of
attacks, example of stealthy undetectable attack
• Lecture 3: Background - Mathematical modeling of physical
systems and introduction to control systems
• Lecture 4: Background - State Estimation and Kalman Filter
• Lecture 5: Tutorial on Control Systems design + Matlab Tutorial
• Lecture 6: First Midterm Exam (in-class);
• Lecture 7: Detection of cyber-attacks against networked CPSs
using passive detection mechanisms;
• Lecture 8: Detection of cyber-attacks against networked CPSs
using active detection mechanisms. The Assignment is given;
• Lecture 9: Setpoint attacks and setpoint attacks detection
• Lecture 10: Resilient control against cyber-attacks
• Lecture 11-12: Covert and Wyner wiretap-like channels in CPSs
• Lecture 13: Second Midterm Exam (in-class)
Fall - 2022 49 / 51

Thank You!

Fall - 2022 50 / 51

References
A. A. Cardenas et al.
Secure Control: Towards Survivable Cyber-Physical Systems
International Conference on Distributed Computing Systems Workshops, 2008.
T. Nadeem
Course Introduction: Overview of Cyber Physical Systems
CS 795/895 - Cyber Physical Systems Seminar, 2013.
A. Teixeira et al.
A secure control framework for resource-limited adversaries
Automatica, 2015.
H. Sandberg
Lecture Slides: Security and limitations of Cyber-physical Systems
KTK, 2015.
E. D. Knapp and R. Samani
Applied Cyber Security and the Smart Grid
Syngress, 2013.
M. Blanke, M. Kinnaert, J. Lunze, M. Staroswiecki
Diagnosis and Fault-Tolerant Control
Syngress, 2006. Fall - 2022 51 / 51