"SwRI Creates Cyber Threat Detection System"

Researchers at the Southwest Research Institute (SwRI) developed an Intrusion Detection System (IDS) for Industrial Control Systems (ICS) to help government and industry improve the detection of cyber threats to industrial networks in critical infrastructure. The IDS, funded by SwRI, addresses emerging cyber threats in the continuously changing industrial automation ecosystem. The team applied algorithms to scan for cyber threats across network protocols that transmit industrial control data for natural gas pipelines, manufacturing robots, and more, which led to the development of the IDS for ICS.

Historically, ICS were designed without security in mind because an air gap allowed them to operate securely without a connection to IT networks. Unplugging industrial networks from IT networks is no longer an option, however, for modern automation systems that depend on Internet of Things (IoT) devices to transmit large amounts of data. Connecting IoT devices and other hardware leaves industrial networks vulnerable: malicious actors could launch attacks via a vulnerable IoT device, network protocols, and outdated software.

The SwRI team focused their research on scanning for cyberattacks over the Modbus/TCP protocol, which utilities and industry have used in Supervisory Control and Data Acquisition (SCADA) systems equipment for decades. They tested their algorithms on recognizing normal Modbus/TCP traffic and identifying cyberattack vectors, such as data fuzzing/manipulation, address probing, and out-of-band timing. The algorithms classify data packets as "regular" if they originate from an uncompromised industrial control device or "attack" if the source is an unexpected or compromised device.

This article continues to discuss SwRI's research and development of the IDS for ICS.
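The attack classes named above (data fuzzing/manipulation, address probing, out-of-band timing) can be illustrated against the Modbus/TCP frame layout. The following is an added example, not SwRI's algorithm or code from the article: it parses the MBAP header and labels each request "regular" or "attack" against an assumed baseline, where the source address, function codes, register window and polling interval are hypothetical values and the traffic is constructed.

```python
import struct

# Assumed site baseline (hypothetical values, not from the article)
KNOWN_SOURCES = {"10.0.0.5"}     # expected Modbus master
ALLOWED_FUNCS = {3, 6}           # read holding registers, write single register
ADDR_RANGE = range(0, 100)       # registers the process actually uses
POLL_PERIOD, JITTER = 1.0, 0.2   # expected polling interval, seconds

def parse_request(frame: bytes):
    """Parse MBAP header + PDU of a request; None if structurally invalid."""
    if len(frame) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:   # length covers unit id + PDU
        return None
    func, data = frame[7], frame[8:]
    addr = qty = None
    if 1 <= func <= 6:                           # fixed 4-byte request bodies
        if len(data) != 4:
            return None
        addr, second = struct.unpack(">HH", data)
        qty = second if func <= 4 else 1         # writes 5/6 touch one address
    return {"tid": tid, "unit": unit, "func": func, "addr": addr, "qty": qty}

def classify(src, ts, frame, last_seen):
    """Label one packet; last_seen maps source -> previous timestamp."""
    reasons = [] if src in KNOWN_SOURCES else ["unexpected source"]
    req = parse_request(frame)
    if req is None:
        reasons.append("malformed frame")
    elif req["func"] not in ALLOWED_FUNCS:
        reasons.append("unexpected function code")
    elif req["addr"] not in ADDR_RANGE or req["addr"] + req["qty"] - 1 not in ADDR_RANGE:
        reasons.append("address outside baseline")
    prev, last_seen[src] = last_seen.get(src), ts
    if prev is not None and abs((ts - prev) - POLL_PERIOD) > JITTER:
        reasons.append("out-of-band timing")
    return ("attack" if reasons else "regular"), reasons

def run_sample():  # constructed traffic: (source, timestamp, frame as hex)
    traffic = [("10.0.0.5", 0.0, "00010000000601030000000a"),
               ("10.0.0.5", 1.0, "00020000000601030000000a"),
               ("10.0.0.5", 2.05, "00030000000601031388000a"),  # register 5000
               ("10.0.0.5", 2.1, "00040000000601030000000a"),   # 50 ms after last
               ("10.0.0.9", 3.0, "00050000000601030000000a"),   # unknown master
               ("10.0.0.5", 3.1, "00060000000601030000")]       # truncated PDU
    last_seen = {}
    return [classify(s, t, bytes.fromhex(f), last_seen) for s, t, f in traffic]
```
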

TRR reports "SwRI Creates Cyber Threat Detection System"

 
