S4 Preview: Customizing Control System Intrusion Detection at the Application Layer

I will be previewing one S4 2009 paper each week - may need to pick up the pace a bit. Digital Bond’s SCADA Security Scientific Symposium is Jan 21-22 in Miami Beach with an advanced control system security course on Jan 20th. For more information on the event and registration check out these links:

Customizing Control System Intrusion Detection at the Application Layer

Mai Kiuchi will present this paper authored by a group of researchers from CRIEPI in Japan. Since Digital Bond’s first research project was control system IDS signatures, this is near and dear to my heart. This effort takes signature customization to the extreme.

Imagine you have a specific SCADA or DCS application. While it may use DNP3, EtherNet/IP or some other 'standard' protocol to communicate with the field devices, it often has another protocol for communicating from HMI to Control Server or Control Server to Historian. These protocols are very structured in format and communication flow. What type of IDS could be built around the application? How could it be further customized to a particular installation?

This description does not do the paper justice. I’m very interested to see the reaction to the very specific examples and results in this paper. And I’m already thinking that vendors may be in the best position to deliver a set of application-specific signatures that they could even further customize as a service for an asset owner.

There is also a section in the paper that measures the performance impact of adding firewalls and implementing VPNs in the control system network.
