{"title":"Quickdraw: Generating Security Log Events for Legacy SCADA and Control System Devices","authors":"D. Peterson","doi":"10.1109/CATCH.2009.33","DOIUrl":null,"url":null,"abstract":"Security event logs play a role in the early detection of attacks and in after incident investigations. Controllers used in SCADA, DCS and other control systems log almost no security events. This deficiency is addressed by the Quickdraw application, which is a passive security log generator for controllers. Quickdraw monitors communication like a network IDS, detects events that should be logged in a controller, creates the security events, and then sends the event to a historian, SEM or other log aggregator.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"34","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CATCH.2009.33","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 34
Abstract
Security event logs play a role in the early detection of attacks and in after-incident investigations. Controllers used in SCADA, DCS and other control systems log almost no security events. This deficiency is addressed by the Quickdraw application, which is a passive security log generator for controllers. Quickdraw monitors communication like a network IDS, detects events that should be logged in a controller, creates the security events, and then sends the event to a historian, SEM or other log aggregator.