"SwRI Develops Cyber Security Intrusion Detection System for Industrial Control Systems"
Researchers at the Southwest Research Institute (SwRI) have developed an Intrusion Detection System (IDS) for Industrial Control Systems (ICS). The technology aims to help government and industry improve the detection of cyber threats to industrial networks in critical infrastructure. The research behind the IDS was funded by SwRI to address emerging cyber threats in the continuously changing industrial automation ecosystem. The team applied algorithms to scan for cyber threats across network protocols that transmit industrial control data for natural gas pipelines, manufacturing robots, and more, which led to the development of the IDS for ICS.

Ian R. Meinzen, a SwRI intelligent machines engineer who worked on the project, noted that ICS design historically did not consider security because an air gap allowed ICS to operate securely without a connection to IT networks. However, unplugging industrial networks from IT networks is no longer an option for modern automation systems that depend on Internet of Things (IoT) devices to transmit large amounts of data. Connecting IoT devices and other hardware leaves industrial networks vulnerable. Malicious actors could launch attacks via a vulnerable IoT device, network protocols, and outdated software.

The SwRI team focused their research on scanning for cyberattacks over the Modbus/TCP protocol, which utilities and industry have used in Supervisory Control and Data Acquisition (SCADA) equipment for decades. The algorithms they developed were tested on recognizing normal Modbus/TCP traffic and identifying cyberattack vectors, such as data fuzzing/manipulation, address probing, and out-of-band timing. Their algorithms classify data packets as "regular" if they originate from an uncompromised industrial control device or "attack" if the source is an unexpected or compromised device.

This article continues to discuss SwRI's research and development of the IDS for ICS.