Supervisory control and data acquisition (SCADA) systems are widely used for industrial control of critical infrastructures such as power plants and manufacturing systems. There is abundant evidence of SCADA systems being subject to cyberattacks. With increasing interest in industrial digitization, cybersecurity of SCADA systems is poised to be ever more important. Equipment faults and cyberattacks can manifest themselves in a similar fashion, i.e., can exhibit similar signatures. This presentation focuses on methods capable of distinguishing equipment faults from bonafide cyberattacks. Specifically, we consider a relatively sophisticated form of cyberattack known as the “replay attack”. We derive mathematical formalisms that distinguish the replay attack from several classes of equipment faults, and verify our methodology through an extensive numerical study and a case study.