The present invention relates to industrial control systems and, in particular, hardware-based granular traffic storm protection in industrial control systems.
Control networks used for communication among industrial controllers differ from standard networks in that they must operate to communicate data reliably within predefined time limits. Often this is accomplished by additional communication protocols that reserve network bandwidth and schedule messages to prevent collisions and the like that can introduce unpredictable delay into network communications. Such networks commonly used in industrial control systems include, for example, ControlNet, DeviceNet, EtherNet/IP and Sercos, whose specifications are published and whose Common Industrial Protocol (CIP) is used broadly by a number of manufacturers and suppliers.
Industrial systems, like many other systems, may also be susceptible to application disruption in the presence of traffic storms. For example, bursts of messages caused by new devices coming online, malfunctioning devices sending broadcast traffic, and intentional disruption from an attacker sending broadcast or unicast messages could all be potential sources of traffic storms causing such disruption.
Current implementations may perform hardware-based filtering of broadcast, multicast, or unicast packets generally, and when a threshold is reached, the packets may be dropped or the port disabled, regardless of whether the packets provide critical industrial application messages or less important extraneous information. Some implementations may monitor messages more specifically in software or firmware and inhibit processing of or otherwise dispose of low priority messages in a traffic storm. However, such software or firmware processing requires CPU processing resources which, when provided, take resources away from other application processing. This may become particularly problematic in industrial applications in which a continuous flow of message traffic may be critical for maintaining an industrial process, such as one or more machines for manufacturing that are in motion.
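The class-level filtering described above can be modeled in a few lines to show why it cannot spare critical messages. This is an added illustration, not part of the original text; the threshold, the window contents and the function names are constructed assumptions.

```python
from collections import Counter

THRESHOLD = 200  # assumed per-class frame limit per window (constructed value)

def build_window(storm_total=1000, critical_every=10, unicast_critical=50):
    """Constructed window: a broadcast storm carrying a critical frame in every
    Nth slot, followed by critical unicast frames on the same port."""
    frames = [("broadcast", i % critical_every == 0) for i in range(storm_total)]
    frames += [("unicast", True)] * unicast_critical
    return frames

def coarse_storm_control(frames, threshold=THRESHOLD, disable_port=False):
    """Class-level filter. It decides on the traffic class alone; the
    criticality flag is used only to tally what was lost."""
    seen = Counter()
    tally = Counter()
    port_up = True
    for traffic_class, critical in frames:
        seen[traffic_class] += 1
        if seen[traffic_class] > threshold:
            # Threshold reached: drop the frame, or take the whole port down.
            if disable_port:
                port_up = False
            passed = False
        else:
            passed = port_up
        kind = "critical" if critical else "other"
        tally[(kind, "passed" if passed else "dropped")] += 1
    return tally

if __name__ == "__main__":
    window = build_window()
    for mode in (False, True):
        label = "disable port" if mode else "drop over threshold"
        print(label, dict(coarse_storm_control(window, disable_port=mode)))
```

In drop mode the filter discards critical and non-critical broadcast frames in the same proportion once the limit is hit; in port-disable mode the critical unicast frames, whose own class never reached the limit, are lost as well.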