Industrial asset control systems that operate physical systems (e.g., associated with power turbines, jet engines, locomotives, autonomous vehicles, etc.) are increasingly connected to the Internet. As a result, these control systems may be vulnerable to threats, such as cyber-attacks (e.g., associated with a computer virus, malicious software, etc.), that could disrupt electric power generation and distribution, damage engines, inflict vehicle malfunctions, etc. Current methods primarily consider threat detection in Information Technology (“IT,” such as, computers that store, retrieve, transmit, manipulate data) and Operation Technology (“OT,” such as direct monitoring devices and communication bus interfaces). Cyber-threats can still penetrate through these protection layers and reach the physical “domain” as seen in 2010 with the Stuxnet attack. Such attacks can diminish the performance of an industrial asset and may cause a total shut down or even catastrophic damage to a plant. Currently, Fault Detection Isolation and Accommodation (“FDIA”) approaches only analyze sensor data, but a threat might occur even in other types of threat monitoring nodes such as actuators, control logical(s), etc. Also note that FDIA is limited only to naturally occurring faults in one sensor at a time. FDIA systems do not address multiple simultaneously occurring faults as they are normally due to malicious intent. Note that quickly detecting an attack may be important when responding to threats in an industrial asset (e.g., to reduce damage, to prevent the attack from spreading to other assets, etc.). Making such a detection quickly (e.g., at substantially sample speed), however, can be a difficult task. It would therefore be desirable to protect an industrial asset from malicious intent, such as cyber-attacks, in an automatic, rapid, and accurate manner.