Industrial asset control systems that operate physical systems (e.g., associated with power turbines, jet engines, locomotives, autonomous vehicles, etc.) are increasingly connected to the Internet. As a result, these control systems may be vulnerable to threats, such as cyber-attacks (e.g., associated with a computer virus, malicious software, etc.), that could disrupt electric power generation and distribution, damage engines, inflict vehicle malfunctions, etc. Current methods primarily consider threat detection in Information Technology (“IT,” such as, computers that store, retrieve, transmit, manipulate data) and Operation Technology (“OT,” such as direct monitoring devices and communication bus interfaces). Cyber-threats can still penetrate through these protection layers and reach the physical “domain” as seen in 2010 with the Stuxnet attack. Such attacks can diminish the performance of an industrial asset and may cause a total shut down or even catastrophic damage to a plant. Currently, Fault Detection Isolation and Accommodation (“FDIA”) approaches only analyze sensor data, but a threat might occur even in other types of threat monitoring nodes such as actuators, control logical(s), etc. Also note that FDIA is limited only to naturally occurring faults in one sensor at a time. FDIA systems do not address multiple simultaneously occurring faults since they are normally due to malicious intent. Moreover, understanding and/or responding to threats in an industrial asset may depend at least in part on whether an attack is independent (e.g., new and unrelated to any other attack) or dependent attack (e.g., a result of an independent attack on other nodes appearing as an attack on the node under consideration due to feedback). Making this determination, however, can be a difficult task. It would therefore be desirable to protect an industrial asset from malicious intent, such as cyber-attacks, in an automatic and accurate manner.