Dissecting Industrial Control Systems Protocol for Deep Packet Inspection

Abstract

The nation's critical infrastructures, such as those found in industrial control systems (ICS), are increasingly at risk and vulnerable to internal and external threats. One of the traditional ways of controlling external threats is through a network device called a firewall. However, given that the payload for controlling the ICS is usually encapsulated in other protocols, the tendency is for the firewall to allow packets that appear to be innocuous. These seemingly harmless packets can be carriers for sinister attacks that are buried deep into the payload. The purpose of this paper is to present the different ICS protocol header signatures for the purpose of devising deep packet inspection strategies that can be implemented in network firewalls.