{"title":"A Strategy for Security Testing Industrial Firewalls","authors":"Thuy D. Nguyen, S. C. Austin, C. Irvine","doi":"10.1145/3372318.3372323","journal":{"name":"Proceedings of the Fifth Annual Industrial Control System Security (ICSS) Workshop","volume":"63 1","pages":"0"},"publicationDate":"2019-12-10","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"2","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1145/3372318.3372323"}
A Strategy for Security Testing Industrial Firewalls
The ability to secure industrial control systems (ICS) against adversaries relies on defense in depth and implementation of security controls. However, as automation and networking of industrial processes increase, so do the opportunities for adversaries to cause destruction and disruption. Many industrial firewalls are proprietary and often users blindly trust that the firewalls meet vendor security claims. Independent testing can assess these claims. This paper describes the security testing of two commercial ICS firewalls to determine whether or not these firewalls provide protection of resources as advertised. Our test philosophy is guided by the Flaw Hypothesis Methodology (FHM), a penetration testing technique for discovery of security flaws derived from documentation and other evidence. The test coverage includes functional testing, exception testing, and penetration testing. Testing is conducted on a simulated natural gas compressor system, utilizing two open-source vulnerability analysis tools, Nessus and Metasploit. The testing methodology is the first step toward a general approach for selecting and testing firewalls intended for critical control systems.