I²R Research Highlights

SCADAWall: A CPI-Enabled Firewall Model for SCADA Security

Effectively inspect the SCADA traffic without sacrificing performance

Traditional SCADA (Supervisory Control and Data Acquisition) firewalls with Deep Packet Inspection (DPI) inspect only part of the payload content, so specially crafted packets can exploit this drawback to carry a malicious payload. These existing SCADA firewalls also have poor capability in protecting proprietary industrial protocols.

Our new SCADA firewall model, SCADAWall, powered by our Comprehensive Packet Inspection (CPI) technology, tackles this partial inspection of the payload content and ensures that malicious payloads are captured. It has been demonstrated in a case study of a Modbus-based metro SCADA system.

SCADAWall also includes a new Proprietary Industrial Protocols Extension Algorithm (PIPEA) to extend its capabilities to the protection of proprietary industrial protocols, and an Out-of-Sequence Detection Algorithm (OSDA) to detect abnormalities within industrial operations.

This SCADAWall model can also effectively inspect the SCADA traffic without sacrificing the network performance.
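The gap between partial and full payload inspection described above can be illustrated with a small added example; it is not code from the paper or from SCADAWall. It assumes Modbus/TCP framing, an assumed site policy (the two allow-lists), and field rules taken from the public Modbus specification; all frames are constructed samples.

```python
import struct

# Assumed site policy (not from the paper): function codes 3 and 8 may pass,
# and for FC 08 only sub-function 0x0000 (Return Query Data) is permitted.
ALLOWED_FC = {3, 8}
ALLOWED_FC08_SUBFUNCS = {0x0000}

def partial_check(frame: bytes) -> bool:
    """Partial inspection: stops at the function code byte."""
    return len(frame) >= 8 and frame[7] in ALLOWED_FC

def full_check(frame: bytes) -> list:
    """Validate every field of a Modbus/TCP request; return the violations."""
    if len(frame) < 8:
        return ["frame shorter than MBAP header + function code"]
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    problems = []
    if proto != 0:
        problems.append("protocol id is not 0")
    # MBAP length counts the unit id plus the PDU: everything after byte 6.
    if length != len(frame) - 6:
        problems.append("MBAP length does not match bytes on the wire")
    if len(frame) > 260:
        problems.append("ADU exceeds 260 bytes")
    fc, data = frame[7], frame[8:]
    if fc not in ALLOWED_FC:
        problems.append(f"function code {fc} not allowed")
    elif fc == 8:
        if len(data) < 4 or len(data) % 2:
            problems.append("FC 08 needs a sub-function and 16-bit data words")
        elif struct.unpack(">H", data[:2])[0] not in ALLOWED_FC08_SUBFUNCS:
            problems.append("FC 08 sub-function not allowed")
    return problems

def adu(pdu: bytes, declared_len=None) -> bytes:
    """Build a constructed test frame (transaction 1, unit 1)."""
    length = len(pdu) + 1 if declared_len is None else declared_len
    return struct.pack(">HHHB", 1, 0, length, 1) + pdu

# Constructed samples, not captures from the paper.
ECHO = bytes([8]) + struct.pack(">HH", 0x0000, 0xA537)
GOOD = adu(ECHO)
BAD_SUBFUNC = adu(bytes([8]) + struct.pack(">HH", 0x00FF, 0x0000))
BAD_LENGTH = adu(ECHO + b"\x00" * 6, declared_len=6)  # undeclared trailing bytes

if __name__ == "__main__":
    for name, f in [("good", GOOD), ("sub-function", BAD_SUBFUNC), ("length", BAD_LENGTH)]:
        print(f"{name}: partial={partial_check(f)} full={full_check(f) or 'ok'}")
```

All three frames pass the function-code-only check, while the field-by-field check rejects the two malformed ones.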

 

Figure: Different forged FC 08 commands captured by Wireshark

 

SCADAWall has the potential to support more security features, such as preventing critical states or anomalies for safety reasons. With its CPI technology, it can maintain real-time communication without sacrificing network performance. The CPI technology may be further improved by testing it against more SCADA protocols whose payload structure is more complex than that of Modbus.

The A*STAR-affiliated researchers contributing to this research are from the Cybersecurity Department of Institute for Infocomm Research.

Paper can be found in:

Computers & Security: "SCADAWall: A CPI-Enabled Firewall Model for SCADA Security", Dong Li, Huaqun Guo, Jianying Zhou, Luying Zhou, Jun Wen Wong, Computers & Security, Volume 80, pp. 134-154, January 2019.

Patent can be found in:

“Comprehensive Packet Inspection (CPI) for SCADA System”, Dong Li, Huaqun Guo, Jianying Zhou, Luying Zhou, and Jun Wen Wong. Singapore Patent Application No. 10201802677S, 3 April 2018.