A Strategy for Security Testing Industrial Firewalls
The article of record as published may be found at https://doi.org/10.1145/3372318.3372323
The ability to secure industrial control systems (ICS) against adversaries relies on defense in depth and implementation of security controls. However, as automation and networking of industrial processes increase, so do the opportunities for adversaries to cause destruction and disruption. Many industrial firewalls are proprietary, and users often blindly trust that the firewalls meet vendor security claims. Independent testing can assess these claims. This paper describes the security testing of two commercial ICS firewalls to determine whether or not these firewalls provide protection of resources as advertised. Our test philosophy is guided by the Flaw Hypothesis Methodology (FHM), a penetration testing technique for discovery of security flaws derived from documentation and other evidence. The test coverage includes functional testing, exception testing, and penetration testing. Testing is conducted on a simulated natural gas compressor system, utilizing two open-source vulnerability analysis tools, Nessus and Metasploit. The testing methodology is the first step toward a general approach for selecting and testing firewalls intended for critical control systems.
A Two-level Intrusion Detection System for Industrial Control System Networks using P4
The increasing number of attacks against Industrial Control Systems (ICS) has shown the vulnerability of these systems. Many ICS network protocols have no security mechanism, and the requirements on high availability and real-time communication make it challenging to apply intrusive security measures. In this paper, we propose a two-level intrusion detection system for ICS networks based on Software Defined Networking (SDN). The first level consists of flow and Modbus whitelists, leveraging P4 for efficient real-time monitoring. The second level is a deep packet inspector communicating with an SDN controller to update the whitelist of the first level. We show by experiments in an emulated environment that our design has only a small impact on communication latencies in the ICS and is efficient against Modbus/TCP oriented attacks.
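The two-level design in the abstract above, modelled in user-space Python as an added example (this is not the paper's P4 or controller code, and the hosts, addresses, whitelist entries and write-authorisation policy are assumptions made for illustration). Level 1 does only table lookups, the kind of match a P4 data plane can do per packet: a flow 3-tuple whitelist, then a Modbus 4-tuple whitelist keyed on source, destination, unit identifier and function code, after a sanity check of the MBAP header. Frames that pass the flow check but hit no Modbus entry are punted to level 2, which applies a policy (reads from anyone on a whitelisted flow, writes only from an assumed engineering workstation) and, on approval, pushes the new tuple into the level-1 whitelist, which is the controller's role in the paper. All packets below are constructed inline.

```python
"""Two-level Modbus/TCP whitelist IDS model (added example, not the paper's code)."""
import struct
from dataclasses import dataclass, field

MODBUS_PORT = 502
READ_FUNCS = {1, 2, 3, 4}       # read coils / discrete inputs / holding regs / input regs
WRITE_FUNCS = {5, 6, 15, 16}    # write single/multiple coils and registers


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Whitelist:
    flows: set = field(default_factory=set)   # (src, dst, dport)
    modbus: set = field(default_factory=set)  # (src, dst, unit_id, function_code)


def parse_mbap(payload: bytes):
    """Return (unit_id, function_code) from a Modbus/TCP frame, or None if malformed."""
    if len(payload) < 8:                      # 7-byte MBAP header + at least a function code
        return None
    _tid, proto, length, unit = struct.unpack("!HHHB", payload[:7])
    # Protocol id must be 0; the MBAP length field counts unit id + PDU bytes.
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit, payload[7]


def level1(pkt: Packet, wl: Whitelist) -> str:
    """Fast path: pure table lookups, as a P4 data plane would do them."""
    if (pkt.src, pkt.dst, pkt.dport) not in wl.flows:
        return "drop:unknown-flow"
    if pkt.dport != MODBUS_PORT:
        return "forward"                      # non-Modbus traffic on a whitelisted flow
    hdr = parse_mbap(pkt.payload)
    if hdr is None:
        return "drop:malformed"
    unit, fc = hdr
    if (pkt.src, pkt.dst, unit, fc) in wl.modbus:
        return "forward"
    return "punt"                             # unknown Modbus tuple: hand to level 2


def level2(pkt: Packet, wl: Whitelist, writers: set) -> str:
    """Deep inspection of punted frames; approved tuples are learned into level 1."""
    unit, fc = parse_mbap(pkt.payload)        # level 1 already validated the header
    if fc in READ_FUNCS or (fc in WRITE_FUNCS and pkt.src in writers):
        wl.modbus.add((pkt.src, pkt.dst, unit, fc))
        return "forward:learned"
    # Diagnostics (8), encapsulated transport (43), writes from non-writers, etc.
    return "alert:fc%d" % fc


def run(packets, wl: Whitelist, writers: set):
    verdicts = []
    for pkt in packets:
        v = level1(pkt, wl)
        if v == "punt":
            v = level2(pkt, wl, writers)
        verdicts.append(v)
    return verdicts


def mb_frame(unit: int, fc: int, data: bytes = b"", tid: int = 1) -> bytes:
    """Build a Modbus/TCP request: MBAP header followed by the PDU."""
    pdu = bytes([fc]) + data
    return struct.pack("!HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def demo():
    """Constructed scenario: HMI, engineering workstation (EWS), PLC and an intruder."""
    hmi, ews, plc, bad = "10.0.0.10", "10.0.0.11", "10.0.0.20", "10.0.0.66"  # assumed
    wl = Whitelist(flows={(hmi, plc, 502), (ews, plc, 502)},
                   modbus={(hmi, plc, 1, 3)})
    writers = {ews}                           # assumed policy: only the EWS may write
    packets = [
        Packet(hmi, plc, 502, mb_frame(1, 3, b"\x00\x00\x00\x0a")),   # whitelisted read
        Packet(hmi, plc, 502, mb_frame(1, 1, b"\x00\x00\x00\x08")),   # new read -> learned
        Packet(hmi, plc, 502, mb_frame(1, 6, b"\x00\x01\x00\xff")),   # HMI write -> alert
        Packet(ews, plc, 502, mb_frame(1, 16, b"\x00\x01\x00\x01\x02\x00\x05")),  # EWS write
        Packet(bad, plc, 502, mb_frame(1, 3, b"\x00\x00\x00\x01")),   # unknown flow
        Packet(hmi, plc, 502, b"\x00\x01\x00\x01\x00\x02\x01\x03"),   # protocol id != 0
        Packet(hmi, plc, 502, mb_frame(1, 8, b"\x00\x00\x12\x34")),   # diagnostics -> alert
        Packet(hmi, plc, 502, mb_frame(1, 1, b"\x00\x00\x00\x08")),   # now forwarded by L1
    ]
    return run(packets, wl, writers), wl


if __name__ == "__main__":
    for verdict in demo()[0]:
        print(verdict)
```

The last packet repeats the second one: after level 2 has learned the (HMI, PLC, unit 1, FC 1) tuple, level 1 forwards it without a punt, which is the latency argument in the abstract. Note that a learning policy this permissive on reads means the level-2 rules, not the whitelist, are what stop an attacker who has reached a whitelisted host; tighten `writers` and the accepted function codes to the process's real needs.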
