Systems and methods for control system security

We claim: 1 . A method, comprising: transmitting a first key through one or more control paths of a control system; generating a reconstruction of the first key in response to the transmitting; and detecting an anomaly pertaining to operation of the control system based, at least in part, on the reconstruction of the first key. 2 . The method of claim 1 , further comprising communicating at least a portion of the first key through a cyber-physical control loop configured to control a physical process of the control system. 3 . The method of claim 1 , further comprising communicating at least a portion of the first key through a physical control coupling of the control system. 4 . The method of claim 1 , further comprising: receiving validation data from the one or more control paths of the control system in response to transmitting the first key; reconstructing the first key from the validation data; and comparing the first key to the reconstruction of the first key. 5 . The method of claim 1 , further comprising: generating the first key, comprising generating physical key data configured to characterize an aspect of a physical state of the control system; transmitting a plurality of fragments of the first key through the one or more control paths of the control system, each fragment of the plurality of fragments comprising at least a portion of the physical key data; and reconstructing the first key from validation data received in response to transmitting the plurality of fragments through the one or more control paths of the control system. 6 . The method of claim 5 , further comprising generating cyber key data configured to characterize an aspect of a state of electronic communication on an electronic communication network of the control system, wherein each fragment of the plurality of fragments comprises at least a portion of the cyber key data. 7 . The method of claim 1 , further comprising: generating the first key, the first key comprising physical key data configured to characterize an aspect of a state of a first physical component coupled to a physical process of the control system and cyber key data configured to characterize an aspect of a state of cyber communication at a first cyber component configured to communicatively couple the first physical component to an electronic communication network of the control system; communicating least a portion of the first key through a first group of components of the control system, the first group including the first physical component and the first cyber component; determining a first error metric corresponding to communication of the first key through the first group of components of the control system; generating a second key for communication through a second group of components of the control system, the second group configured to include one or more components included in the first group of components and to exclude a designated component included in the first group of components; calculating a second error metric corresponding to communication of the second key through the second group of components of the control system; and attributing at least a portion of the first error metric to the designated component of the control system based, at least in part, on a comparison between the first error metric and the second error metric. 8 . The method of claim 7 , wherein: the first physical component comprises one or more of a sensor device, an acquisition device, an actuator device, a controller, and a first intelligent electronic device; the first cyber component comprises one or more of a communication component, a cyber communication component, cyber communication node, a network component, a network router, a network switch, a network hub, a network concentrator, a network security device, a firewall, a network filter, and a second intelligent electronic device; the designated component comprises one or more of the first physical component and the first cyber component; and the method further comprises detecting an anomaly pertaining to the designated component based, at least in part, on the portion of the first error metric attributed to the designated component. 9 . An apparatus for control system security, comprising: a processor coupled to a memory; a security agent adapted for operation on the processor and configured to: generate state keys pertaining to a control system, and communicate the state keys through control paths of the control system; and a security engine configured to: determine error metrics corresponding to communication of respective state keys through the control paths of the control system, and detect anomalous operation of the control system based, at least in part, on the determined error metrics. 10 . The apparatus of claim 9 , wherein each state key comprises cyber key data configured to characterize an aspect of a state of cyber communication within the control system and physical key data configured to characterize an aspect of a physical state of the control system. 11 . The apparatus of claim 9 , further comprising an acquisition engine configured to acquire cyber-physical state metadata from the control system, the cyber-physical state metadata pertaining to aspects of one or more of a cyber state of the control system and a physical state of the control system, wherein: the cyber state is configured to characterize aspects of electronic communication on a network of the control system, and the physical state is configured to characterize aspects of a physical state of the control system. 12 . The apparatus of claim 11 , wherein: the acquisition engine is further configured to determine confidence metrics for the acquired cyber-physical state metadata based, at least in part, on the error metrics corresponding to communication of the respective state keys through the control paths of the control system; and the confidence metrics are configured to quantify a confidence that the cyber-physical state metadata accurately captures aspects of one or more of the cyber state of the control system and the physical state of the control system. 13 . The apparatus of claim 12 , wherein the acquisition engine is further configured to estimate the cyber-physical state of the control system based, at least in part, on the cyber-physical state metadata acquired from the control system and the determined confidence metrics. 14 . The apparatus of claim 13 , wherein the security engine is further configured to detect the anomalous operation of the control system based, at least in part, on the determined cyber-physical state of the control system. 15 . The apparatus of claim 13 , wherein the security engine is further configured to detect the anomalous operation of the control system based, at least in part, on a comparison between the estimated cyber-physical state of the control system and a baseline cyber-physical state of the control system. 16 . A non-transitory storage medium comprising instructions configured for execution by a processor of a computing device, the instructions configured to cause the computing device to implement operations, comprising: retrieving validation data from a control system, the validation data returned from the control system in response to communication of key data through one or more control paths of the control system; acquiring state metadata from the control system in response to communication of the key data, the state metadata pertaining to one or more of a physical state of the control system and a cy