A cyber-defensive industrial control system with redundancy and intrusion detection

Abstract

Technological advancement of Industrial Control Systems (ICS) and control systems automation over the past decade has brought greater interconnections of the control components. Modern control communication systems such as ModbusTCP are based on open standards that leverage Ethernet to allow interoperability between solutions from different vendors. The enhanced exchange of information has, as a side effect, created cyber security vulnerabilities such as entry points for hackers. Network monitoring typically applied to corporate networks is rarely implemented for ICS networks and should be mandatory for critical systems. Defense-in-Depth (DiD) is a concept that built on the premise of early detection and providing alerts of intrusions to guarantee that defensive action is taken prior to the breach of any critical assets. This paper validates the new intrusion detection based cyberdefensive architecture by using a Raspberry Pi based ModbusTCP control system that enables simulation of cyber-attacks, and illustrates a mitigation measure with the added feature of Modbus monitoring using Snort.