Control systems are isolated, not…

Jan. 16, 2008
How isolated are control system networks? There is a prevailing view by many that corporate firewalls and DMZ's provide adequate screening and protection to minimize "hits" on control system networks. Consequently, there is an expectation that control system firewalls (if they even exist) will see very little traffic. I was recently provided a screen snapshot of the SNORT (intrusion detection system) logs from the firewall protecting a control system network. The control system network i...
How isolated are control system networks? There is a prevailing view by many that corporate firewalls and DMZ's provide adequate screening and protection to minimize "hits" on control system networks. Consequently, there is an expectation that control system firewalls (if they even exist) will see very little traffic. I was recently provided a screen snapshot of the SNORT (intrusion detection system) logs from the firewall protecting a control system network. The control system network included generation, distribution, and transmission. In this case, there were more than 18,000 hits over a 30 hour time period. I then contacted a small utility. This particular utility had a network monitoring their substations. Depending on the time cycle, the utility would see on the order of 2500 hits over a 48 hour period when the technicians would be doing maintenance at the substations with laptop connectivity.  There are several caveats to the data: - Much of the data is internally generated. However, internally generated data can provide an ideal "cloak" for malicious packets. Additionally, internally generated data if it includes scans can create unintentional broadcast storms affecting field equipment such as PLCs. - The data is a function of the configuration, training, and SNORT profiles used. - The data has not been analyzed. The intention is to analyze the data and present the results at the Applied Control Solutions Control System Cyber Security Conference in the Chicago area the week of August 4th. As with firewalls, SNORT configuration rule sets are critical to obtaining appropriate and meaningful data. Consequently, a hands-on "SNORT for control systems" class is planned. Further information on the Conference will be coming soon - check the www.realtimeacs.com website for details. Joe Weiss  

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.