Design and assessment of an Orthogonal Defense Mechanism for a water treatment facility

An Orthogonal Defense Mechanism (ODM) was designed and implemented to improve the detection of cyber attacks on an operational water treatment plant (WTreat). Successive design iterations led to an architecture that was prototyped and experimentally evaluated. ODM unobtrusively monitors WTreat using an independent network and gathers data from multiple data sources to corroborate the state of the plant using a state model. ODM is independent of, i.e. orthogonal to, any detection and defense mechanism, such as rule-based intrusion detection, that may otherwise exist in WTreat. ODM uses invariants created from plant design to detect and report anomalies in processes. While the architecture of OD, and its prototype, are specific to a water treatment plant, the underlying design ideas are generic and could be applied to other public infrastructure systems.