A team of Missouri University of Science and Technology researchers has received a National Science Foundation research grant of nearly $1 million to develop stronger safeguards for a wide array of complex systems that rely on computers – from public water supply systems and electric grids to chemical plants and self-driving vehicles.

Increasingly, these cyber-physical systems, or CPS, are threatened by both physical and cyber attacks. The consequences of such an attack could be catastrophic and range from financial ruin to loss of life, says Dr. Bruce McMillin, the project’s principal investigator. And the myriad access points to such data — from smart meters and security cameras to autonomous cars and wearable devices — only exacerbates the risks.

“The nation’s critical infrastructure is increasingly dependent on systems that use computers to control vital physical components,” says McMillin, professor and interim chair of computer science at Missouri S&T.

“The research aims to ensure that such systems ‘do what they’re supposed to do’ despite an attack by building in defenses that make sure each component behaves and works well with others,” McMillin adds. “The objective: produce from untrusted components a trusted CPS that is resilient to security attacks and failures.”

Dr. Jonathan Kimball, Missouri S&T professor of electrical and computer engineering, and Dr. Rui Bo, an S&T assistant professor of electrical and computer engineering, are co-principal investigators. The research team also includes Dr. Jennifer Leopold, associate professor of computer science from S&T, and Dr. Aditya Mathur, a Purdue University computer science professor.

The project will test the more robust cyber-physical systems on a high-fidelity water treatment system as well as an electrical power test bed to align “concepts from distributed computing, control theory, machine learning and estimation theory to synthesize a complete mitigation of the security and operational threats to a CPS,” McMillin says.

“The key difference from current methods is that security holes will be identified and plugged automatically at system design times, then enforced during run time without relying solely on secure boundaries or firewalls,” he says.

That means treating every aspect of the CPS as its own security domain, building resilience to attacks that can come from within a secure domain.

The NSF grant includes an outreach component to develop educational games to introduce cyber-physical security concepts to children from kindergarten through eighth grade.

The three-year, $962,965 NSF grant builds on previous cybersecurity research by McMillin and Kimball through the FREEDM (Future Renewable Electric Energy Delivery and Management) Systems Center based at North Carolina State University. The S&T and Purdue researchers will also collaborate with counterparts at the Singapore University of Technology and Design.