"Making a Smaller Target for Hackers: Technology Keeps Industrial Control Systems Safer by Limiting Online Access"

OpDefender, a technology created at Idaho National Laboratory (INL) for the US Department of Homeland Security (DHS), is founded on the principle of minimizing the attack surface as much as possible. Operational control technology exists at all levels of the nation's critical infrastructure, switching breakers at substations, opening floodgates at dams, and opening and closing valves in oil refineries and water treatment facilities. If left unprotected, Industrial Control Systems (ICS) are so vulnerable that anyone with basic programming skills can shut down a substation, leaving thousands of people in the dark. OpDefender operates on the premise that no device on a network of control systems can be trusted. It includes network switches that analyze and filter network packets in real time, enabling operators to implement "whitelisting" rules. Its human-machine interface prevents any device from communicating with a network until an administrator has configured it. By default, an alarm sounds when a network receives data from a device that has not been whitelisted. OpDefender's proprietary software enables it to function as a "smart" switch, differentiating between routine and suspicious communications. When suspicious communication is detected, the system quarantines the packet and notifies a human operator. The operator then controls which commands reach the ICS via a simple interface. Unlike detection systems that require SPAN ports and big data analysis, OpDefender analyzes packets in real time and flags only violations. This article continues to discuss the capabilities, development, testing, and support of the OpDefender technology.

Idaho National Laboratory reports "Making a Smaller Target for Hackers: Technology Keeps Industrial Control Systems Safer by Limiting Online Access"

Submitted by Anonymous on