Industrial control systems that operate physical systems (e.g., associated with power turbines, jet engines, locomotives, autonomous vehicles, etc.) are increasingly connected to the Internet. As a result, these control systems have been increasingly vulnerable to threats, such as cyber-attacks (e.g., associated with a computer virus, malicious software, etc.), that could disrupt electric power generation and distribution, damage engines, inflict vehicle malfunctions, etc. Current methods primarily consider attack detection in Information Technology (“IT,” such as, computers that store, retrieve, transmit, manipulate data) and Operation Technology (“OT,” such as direct monitoring devices and communication bus interfaces). Cyber-attacks can still penetrate through these protection layers and reach the physical “domain” as seen in 2010 with the Stuxnet attack. Such attacks can diminish the performance of a control system and may cause total shut down or catastrophic damage to a plant. Currently, no methods are available to automatically detect, during a cyber-incident, attacks at the domain layer where sensors, controllers, and actuators are located. In some cases, multiple attacks may occur simultaneously (e.g., more than one actuator, sensor, or parameter inside control system devices might be altered maliciously by an unauthorized party at the same time). Note that some subtle consequences of cyber-attacks, such as stealthy attacks occurring at the domain layer, might not be readily detectable (e.g., when only one monitoring node, such as a sensor node, is used in a detection algorithm). It may also be important to determine when a monitoring node is experiencing a fault (as opposed to a malicious attack) and, in some cases, exactly what type of fault is occurring. Existing approaches to protect an industrial control system, such as failure and diagnostics technologies, may not adequately address these problems—especially when multiple, simultaneous attacks and/faults occur since such multiple faults/failure diagnostic technologies are not designed for detecting stealthy attacks in an automatic manner. It would therefore be desirable to protect an industrial asset from cyber-attacks in an automatic and accurate manner even when attacks percolate through the IT and OT layers and directly harm control systems.