Control System Security Threats, Security / Reliability Incidents, Useful Industrial Cyber Security Tips
Deep Packet Inspection (DPI) is important for the future of SCADA / ICS security - and in this article I explain why.
In Part 1 of this series I explained DPI technology in detail. To review, the traditional IT firewall examines the TCP/IP and Ethernet headers in the network messages it sees. It then makes decisions whether to allow or block a message based on this limited information.
I have talked repeatedly about something called Deep Packet Inspection (DPI) and why it is so important for SCADA / ICS security (for example, see Air Gaps Won’t Stop Stuxnet’s Children). The trouble is, I have never described what DPI actually is. So in today’s blog I will back up and explain what DPI firewall technology is all about.
In my earlier column on the philosophy of Defense in Depth, I discussed how relying on a single defensive solution exposes a system to a single point of failure. No matter how well designed or strong that single defense is, either resourceful adversaries or Murphy’s Law eventually results in the defense malfunctioning or being bypassed. When that happens, the entire system is wide open to attack.
|
As someone working in the field of industrial cyber security I never thought I would see the day when a cyber attack would be the topic of a prime time television show. |
|
In my blog article Industrial Data Compromise – The New Business Risk I recommended that End Users and Control Engineers need to redouble their efforts in relation to securing their process. |