The Offshore Technology Conference (OTC) is on in full force right now and Belden’s booth (7236) has been busy. Liaising with our booth staff I have heard that safety and security are hot topics with attendees this year. Well here is a topic they should know about, that is, why offshore networks need SCADA security with Deep Packet Inspection (DPI).
Let me give you some context. The critical systems managing production and safety on offshore platforms are largely based on legacy SCADA and Industrial Control System (ICS) products and protocols. Many of these products are decades old and were never designed with security in mind. Yet nowadays they are connected to other systems using Ethernet and TCP/IP. That has been great for efficiency but it exposes mission critical production systems to malware. Read more
Deep Packet Inspection (DPI) is important for the future of SCADA / ICS security – and in this article I explain why.
DPI SCADA Security: Reviewing the Basics
In Part 1 of this series I explained DPI technology in detail. To review, the traditional IT firewall examines the TCP/IP and Ethernetheaders in the network messages it sees. It then makes decisions whether to allow or block a message based on this limited information.
DPI technology allows the firewall to dig deep into the SCADA protocols that sit on top of TCP/IP and Ethernet. The firewall then determines exactly what the SCADA protocol is being used for and makesbetter decisions on what should be allowed or blocked.
The example I gave in the last article was theseaway management company that used Tofino Modbus DPI firewalls to protect the PLCs runningits canal locks and bridges. By blocking all Modbus write messages(and programming messages), and allowing Modbus Data read messages, the company could improve the safety of the canal system for both the ships in the canals and the public usingthe draw bridges at the locks. Read more
I have talked repeatedly about something called Deep Packet Inspection (DPI) and why it is so important for SCADA / ICS security (for example, see Air Gaps won’t Stop Stuxnet’s Children). The trouble is, I have never described what DPI actually is. So in today’s blog I will back up and explain what DPI firewall technology is all about.
Some Firewall Basics
To understand DPI, it is first important to understand how the traditional IT firewall works. A firewall is simply a devicethatmonitors and controls traffic flowing in or between networks. It starts by capturing traffic passing through it and comparingthat traffic to a predefined set of rules(called Access Control Lists or ACLs). Any messages that do not match the ACLs are then discarded. Read more