Comparative analysis of the standalone and Hybrid SDN solutions for early detection of network channel attacks in Industrial Control Systems: A WWTP case study

Abstract

Industrial Control Systems (ICS) are critical to operating various Critical infrastructures (CIs). However, ICS communication channels connecting sensors, actuators, and local and supervisory controllers are vulnerable to network attacks compromising the system’s availability and integrity. This study proposes and compares Standalone and Hybrid Software Defined Networking (SDN) solutions to mitigate (Detect and Respond) network channel attacks in ICS environments. The methodology utilised applies a testbed designed in GNS3 following the IEC 62264 Industrial Automation Pyramid. It incorporates ICS components such as PLCs and SCADA and a Simulink-based digital twin system for a wastewater treatment plant. This research establishes a proof of concept involving detection and response to network channel attacks evaluated through packet thresholds, packet analysis, and cryptographic hashing techniques in SDN. The Mitre attack framework is implemented to provide insight into the system’s vulnerabilities through adversary emulation. The research findings reveal that both SDN solutions effectively enhance ICS network security; the Standalone SDN solution is more suitable for time-sensitive networks, while the Hybrid SDN solution better serves non-time-sensitive industrial environments. While the Standalone SDN solution offers a 75% efficiency improvement, its’ status as a nascent technology introduces unresolved vulnerabilities and limited testing favouring the Hybrid SDN solution, which provides robust security and reliability due to the integration with the Snort IDS. Thus, selecting the appropriate solution requires carefully considering the trade-offs between enhanced performance and established security. In conclusion, this study underscores the potential of SDN solutions in strengthening ICS security and suggests areas for future research.