Abstract

     Distributed model predictive control (DMPC) schemes have become a popular choice for networked control problems. Under this approach, local controllers use a model to predict its subsystem behavior during a certain horizon so as to find the sequence of inputs that optimizes its evolution according to a given criterion. Some convenient features of this method are the explicit handling of constraints and the exchange of information between controllers to coordinate their actuation and minimize undesired mutual interactions. However, we find that schemes have been developed naively, presenting flaws and vulnerabilities that malicious entities can exploit to gain leverage in cyber-attacks. The goal of this work is to raise awareness about this issue by reviewing the vulnerabilities of DMPC methods and surveying defense mechanisms. Finally, several examples are given to indicate how these defense mechanisms can be implemented in DMPC controllers.

Introduction

     The last years have witnessed a growing interest in distributed control methods due to their superior scalability in large-scale applications such as smart grids (Qi et al., 2011, Yazdanian and Mehrizi-Sani, 2014), water systems (Negenborn, van Overloop, Keviczky, & De Schutter, 2009), and traffic control (De Oliveira & Camponogara, 2010). This approach considers the overall system as an aggregation of smaller pieces, i.e., subsystems, which are locally managed by control units referred to as agents (Kordestani et al., 2021, Scattolini, 2009), whose combined decisions determine the overall performance due to the subsystems’ coupling, e.g., in the control objectives and the system constraints. Moreover, this decomposition may be the only choice regarding the control architecture in applications where the implementation of a centralized controller becomes unfeasible due to the problem size or the existence of multiple independent decision-making entities.

Conclusions

     The evolution of technology is leading towards a world of pervasive connectivity where control systems are expected to play a major role. In this context, DMPC algorithms are likely to become essential because they enhance their capabilities with the progress of technology and they offer a means to coordinate control actions in order to attain optimal performance in a scalable manner. However, an interconnected world will also offer significant opportunities for cyber-attacks, which may have devastating consequences if they affect critical infrastructures. Even nowadays we can find every now and then headlines in major newspapers that show how severe cyber-threats can become, with some notorious attacks disrupting applications such as nuclear plants, power grids, smart buildings and autonomous cars, to make a few examples.

     In this article we have reviewed the most vulnerable spots in the control infrastructure that can be exploited to attack DMPC methods. In addition, we have seen that the algorithms have inherent vulnerabilities because their design is usually based on the assumption that every controller in the network will be compliant with the algorithm employed. To deal with these issues, we have presented detection and mitigation mechanisms that can be used to make these schemes resilient. In particular, we have seen that learning methods can make a difference in defensive tasks because of their superior flexibility to adapt to the nominal operation conditions.