ICS/SCADA Security Technologies and Tools

Introduction

Industrial Control System (ICS) architectures differ from standard enterprise systems. ICS are networked, like enterprise systems, but the core of an ICS is the Programmable Logic Controller (PLC) rather than a general-purpose server or workstation. The PLC runs control logic in a fixed scan cycle: it reads sensor inputs, evaluates the logic and drives actuators, and it is engineered for availability and deterministic timing rather than for the confidentiality and patchability that enterprise IT assumes. 

ICS are exposed to cybersecurity threats even though, historically, they were not designed to depend on the internet. Previously, ICS were air-gapped and operated in their own discrete environments, independent of the internet; today that gap is routinely bridged by connections to the enterprise network for remote monitoring, by vendor remote access and by removable media, so an "isolated" network can rarely be assumed to be one. 

As with standard enterprise architecture environments, Supervisory Control and Data Acquisition (SCADA) environments now have tools to aid in cybersecurity. These tools are categorized by function and include:

  • Network traffic monitoring and anomaly detection
  • Indicators of Compromise (IOC) detection
  • Log analysis
  • Hardware security
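The first category above, network traffic monitoring and anomaly detection, is easiest to understand with a concrete illustration. The Python below is an added example written for this page, not code from the article or from any of the products it names. It assumes Modbus/TCP traffic has already been reduced to (source, destination, function code) records, as a protocol parser would produce from a capture; the hosts, addresses and records are constructed for illustration.

```python
"""Baseline-and-deviation anomaly detection for Modbus/TCP conversations.

Added example for this page; not code from the article or any vendor
product. Input records are (src_ip, dst_ip, function_code) tuples, which a
protocol parser would extract from captured traffic. All addresses and
records below are constructed.
"""
from collections import defaultdict

# Modbus public function codes an engineer expects to see on this network.
# Anything outside this allowlist is reported regardless of who sent it.
EXPECTED_FUNCTIONS = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}
# Codes that change process state; a new sender using one is the alert
# that matters most to an operator.
WRITE_FUNCTIONS = {5, 6, 15, 16}

# Constructed learning window: known-good traffic observed during commissioning.
BASELINE_WINDOW = [
    ("10.0.1.10", "10.0.2.20", 3),   # HMI polls holding registers on PLC-1
    ("10.0.1.10", "10.0.2.20", 16),  # HMI writes setpoints to PLC-1
    ("10.0.1.11", "10.0.2.20", 3),   # historian reads PLC-1
    ("10.0.1.10", "10.0.2.21", 1),   # HMI reads coils on PLC-2
]

# Constructed live window to evaluate against the baseline.
LIVE_WINDOW = [
    ("10.0.1.10", "10.0.2.20", 3),   # normal poll
    ("10.0.1.11", "10.0.2.20", 5),   # historian suddenly writes a coil
    ("10.0.1.50", "10.0.2.20", 3),   # never-seen host talks to PLC-1
    ("10.0.1.10", "10.0.2.21", 3),   # HMI uses a new read code on PLC-2
    ("10.0.1.10", "10.0.2.20", 90),  # code outside the allowlist
]


def learn_baseline(records):
    """Map each (src, dst) conversation to the set of function codes seen."""
    funcs = defaultdict(set)
    for src, dst, fc in records:
        funcs[(src, dst)].add(fc)
    return dict(funcs)


def classify(record, baseline):
    """Return an alert reason for one record, or None if it matches baseline.

    A code outside the allowlist is reported before the conversation checks
    because the baseline cannot say anything useful about it; each record
    yields at most one reason.
    """
    src, dst, fc = record
    if fc not in EXPECTED_FUNCTIONS:
        return "function_not_allowlisted"
    seen = baseline.get((src, dst))
    if seen is None:
        return "new_conversation"
    if fc not in seen:
        return "unexpected_write" if fc in WRITE_FUNCTIONS else "new_function_code"
    return None


def detect(records, baseline):
    """Return (reason, src, dst, function_code) for every deviating record."""
    alerts = []
    for record in records:
        reason = classify(record, baseline)
        if reason is not None:
            alerts.append((reason,) + record)
    return alerts


if __name__ == "__main__":
    baseline = learn_baseline(BASELINE_WINDOW)
    for reason, src, dst, fc in detect(LIVE_WINDOW, baseline):
        name = EXPECTED_FUNCTIONS.get(fc, "unknown")
        print(f"{reason:24} {src} -> {dst} fc={fc} ({name})")
```

This allowlist-plus-baseline approach is what the commercial ICS anomaly detectors on the list below do at their core: control traffic is highly repetitive (the same HMI polls the same PLC with the same function codes every few seconds), so a deviation such as a write function from a historian host is a strong signal even without a signature. The caveat is that the learning window must itself be clean; an attacker already present while the baseline is built is baselined as normal.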

The Idaho National Laboratory (INL) recently performed a survey of security tools used in the ICS environment. A short list of some of those tools is below:

Tool name
  • ABB Cyber Security Benchmark
  • AlienVault Unified Security Management SIEM
  • Binary Ninja
  • Binwalk
  • Bro
  • Centrifuge
  • CheckPoint Software – SandBlast
  • ConPot
  • CyberX XSense
  • DarkTrace ICS
  • Digital Ants
  • Dragos
  • Elastic Stack
  • Fcd
  • FireEye IOC Editor
  • FireEye IOC Finder
  • Fortinet-Nozomi Networks
  • Hyperion
  • McAfee
  • Nessus
  • Nextnine ICS Shield
  • OSSEC
  • Plaso – Log2timeline
  • Protecode
  • Radare
  • Radiflow
  • Security Onion
  • SecurityMatters SilentDefense
  • Senami IDS
  • Snort
  • Snowman
  • Splunk
  • Suricata
  • Symantec Anomaly Detection for ICS
  • Symantec Embedded Security: CSP
  • Tofino Xenon Security Appliance (Tofino SA)
  • T-Pot
  • Tripwire
  • TruffleHog
  • USB-ARM
  • Verve Security Center
  • Volatility Framework
  • Waterfall BlackBox
  • WeaselBoard
  • X64dbg
  • YARA
While each tool on this list falls into at least one of the categories of network traffic monitoring and anomaly detection, Indicators of Compromise (IOC) detection, log analysis and hardware security, many are multi-purpose and cover more than one category. 

This article is focused on the following categories and tools:

1. Multi-purpose

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Tyra Appleby. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/CXWUCitn56s/