Security intelligence for industrial control systems

While there is a broad corpus of security intelligence technologies and solutions for IT (information technology) networks, only moderate experience and investment exists in applying security intelligence approaches to OT (operational technology) networks. OT networks have traditionally been isolated from IT networks, and therefore, security has been of minor concern. Given the trend toward interconnecting OT and IT networks for business reasons, and given the disclosure of highly sophisticated attacks against OT environments, OT network operators increasingly recognize the need to deploy security solutions that are widely known in IT also to OT. OT networks are running critical control processes. Configuration changes are avoided to reduce the risk of misconfiguration or unforeseeable side effects detrimental to the network's operation. Therefore, passive non-intrusive security technologies are favored. Consequently, security intelligence applied to passively collected network data is the most acceptable technology to be deployed in OT networks. In this paper, we show how IT-specific security intelligence techniques can be applied to passively collected OT network data. The techniques have been developed for protecting SCADA (Supervisory Control and Data Acquisition) systems and have been validated in an industrial cyber security testing laboratory.