Exploring How The Unique Behaviours Of Industrial Control System Networks Can Be Applied To Enhance Intrusion Prevention

Abstract

Industrial control system security is essential to protecting both industrial output and Critical National Infrastructure (CNI) from cyber-attack, as well as ensuring the safety of workers, members of the public and the environment.Operators of these facilities face a security problem in the dearth of effective countermeasures. This paper addresses this problem by identifying the reasons why so few countermeasures exist and what approaches could be taken to remedy this in a manner that serves both traditional Industrial Control Systems (ICSs), and the emerging needs of the Industrial Internet of Things (IIoT).Circa two-thousand-five-hundred documents (sourced from a combination of five academic search engines, standards agencies, and industrial reports) were reviewed and analysed. From this was found that existing ICS countermeasures are largely derived from existing IT solutions that do not seek to take advantage of the specific characteristics of ICSs – making them less effective or inappropriate in many ICS applications; this is particularly true of network intrusion protection systems, for which false positive detection can have a serious impact on the safe and reliable operation of industrial facilities.It is proposed that the characteristics of ICS and IIoT communications networks lend themselves to a whitelisting approach to network intrusion protection, which would avoid the problem of false positives, and that future work based on the OPC-UA protocol would prove this and demonstrate its suitability for all ICS and IIoT applications.