Abstract: Systems and methods are provided for the control of an industrial asset, such as a power generating asset. Accordingly, a cyber-attack model predicts a plurality of operational impacts on the industrial asset resulting from a plurality of potential cyber-attacks. The cyber-attack model also predicts a corresponding plurality of potential mitigation responses. In operation, a cyber-attack impacting at least one component of the industrial asset is detected via the cyber-attack neutralization module and a protected operational impact of the cyber-attack is identified based on the cyber-attack model. The cyber-attack neutralization module selects at least one mitigation response of the plurality of mitigation responses based on the predicted operational impact and an operating state of the industrial asset is altered based on the selected mitigation response.

Abstract: A method for providing backup control for a supervisory controller of at least one wind turbine includes observing, via a learning-based backup controller of the at least one wind turbine, at least one operating parameter of the supervisory controller under normal operation. The method also includes learning, via the learning-based backup controller, one or more control actions of the at least one wind turbine based on the operating parameter(s). Further, the method includes receiving, via the learning-based backup controller, an indication that the supervisory controller is unavailable to continue the normal operation. Upon receipt of the indication, the method includes controlling, via the learning-based backup controller, the wind turbine(s) using the learned one or more control actions until the supervisory controller becomes available again. Moreover, the control action(s) defines a delta that one or more setpoints of the wind turbine(s) should be adjusted by to achieve a desired outcome.

Abstract: The present application describes techniques for node selection and ranking for, e.g., attack detection and localization in cyber-physical systems, without relying on digital twins, computer models of assets, or operational domain expertise. The described techniques include obtaining an input dataset of values for a plurality of nodes (e.g., sensors, actuators, controllers, software nodes) of industrial assets, computing a plurality of principal components (PCs) for the input dataset according to variance of values for each node, computing a set of common weighted PCs based on the plurality of PCs according to variance of each PC, and ranking each node based on the node's contribution to the set of common weighted PCs.

Abstract: The present disclosure relates to techniques for detecting cyber-faults in industrial assets. Such techniques may include obtaining an input dataset from a plurality of nodes of industrial assets and predicting fault nodes in the plurality of nodes by inputting the input dataset to a one-class classifier. The one-class classifier may be trained on normal operation data obtained during normal operations of the industrial assets. Further, the cyber-fault detection techniques may include computing a confidence level of cyber fault detection for the input dataset using the one-class classifier and adjusting decision thresholds based on the confidence level for categorizing the input dataset as normal or including cyber-faults. The predicted fault nodes and the adjusted decision thresholds may be used for detecting cyber-faults in the plurality of nodes of the industrial assets.

Abstract: The present disclosure provides techniques for implementing self-adapting neutralization against cyber-faults within industrial assets. The disclosed neutralization techniques may include obtaining an input dataset from a plurality of nodes of industrial assets and reconstructing compromised nodes in the plurality of nodes to neutralize cyber-faults detected based on the input dataset. A confidence metric may be computed for the reconstruction of the compromised nodes, e.g., using inductive conformal prediction. Based on the confidence metric and the reconstruction of the compromised nodes, input signals from the reconstruction of the compromised nodes may be transformed, or configuration parameters for a controller of the industrial assets may be tuned.

Abstract: Systems and methods are provided for the control of an industrial asset, such as a power generating asset. Accordingly, a cyber-attack model predicts a plurality of operational impacts on the industrial asset resulting from a plurality of potential cyber-attacks. The cyber-attack model also predicts a corresponding plurality of potential mitigation responses. In operation, a cyber-attack impacting at least one component of the industrial asset is detected via the cyber-attack neutralization module and a protected operational impact of the cyber-attack is identified based on the cyber-attack model. The cyber-attack neutralization module selects at least one mitigation response of the plurality of mitigation responses based on the predicted operational impact and an operating state of the industrial asset is altered based on the selected mitigation response.