Real-time detection of cyberattacks, system faults, and unknown anomalies in industrial control systems (ICS) remains challenging due to stringent latency constraints and the need for actionable diagnostics. Method: This paper proposes a lightweight, interpretable detection framework grounded in sensor-actuator coupling relationships. It introduces the novel “coarse-fine step” paradigm to ICS anomaly detection, enabling nonlinear relationship linearization and joint dimensionality reduction for low-latency classification. Explainable AI (XAI) techniques are deeply integrated to ensure causal attribution and model transparency. Contribution/Results: Evaluated on a real-world water treatment testbed, the framework achieves millisecond-scale anomaly detection with precise localization—down to individual sensors or actuators—and delivers high-confidence, causally grounded explanations. It outperforms state-of-the-art AI/ML methods in both detection accuracy and interpretability, while satisfying strict real-time requirements and practical deployment constraints.

The continuous monitoring of the interactions between cyber-physical components of any industrial control system (ICS) is required to secure automation of the system controls, and to guarantee plant processes are fail-safe and remain in an acceptably safe state. Safety is achieved by managing actuation (where electric signals are used to trigger physical movement), dependent on corresponding sensor readings; used as ground truth in decision making. Timely detection of anomalies (attacks, faults and unascertained states) in ICSs is crucial for the safe running of a plant, the safety of its personnel, and for the safe provision of any services provided. We propose an anomaly detection method that involves accurate linearization of the non-linear forms arising from sensor-actuator(s) relationships, primarily because solving linear models is easier and well understood. Further, the time complexity of the anomaly detection scenario/problem at hand is lowered using dimensionality reduction of the actuator(s) in relationship with a sensor. We accomplish this by using a well-known water treatment testbed as a use case. Our experiments show millisecond time response to detect anomalies and provide explainability; that are not simultaneously achieved by other state of the art AI/ML models with eXplainable AI (XAI) used for the same purpose. Further, we pin-point the sensor(s) and its actuation state for which anomaly was detected.