Model verification of fallback control system under cyberattacks via UPPAAL

Industrial control systems (ICS) are required to be operated safely under cyberattacks. Fallback control is necessary for the safe operation of ICS. As one of fallback control systems, we develop a resilient third-party monitoring system. This system consists of Programmable Logic Controllers (PLCs) for normal control and for fallback control. The normal PLC controls field devices, and the fallback PLC takes over the control after the normal PLC is attacked. The fallback control of this paper is the control takeover of a robot arm control system. To quickly transition to this fallback control, it is necessary to incorporate a supervisor function to manage each PLC function in an integrated manner. This paper aims to propose a modeling method of ICS functions and its analysis method to ensure that the supervisor can work properly under cyberattacks. For modeling, we use UPPAAL, specializing in formal verification by timed automata. We implement the models of each PLC and supervisor on UPPAAL. To quantitatively analyze whether the supervisor can really realize the incident response during cyberattacks, we give the specifications necessary for fallback control to the supervisor model using Timed Computation Tree Logic (TCTL) and verify its feasibility.