Traditionally, networks for ICSs, including but not limited to industries such as water, oil, gas, electrical, automated manufacturing, transportation, and industrial autonomous vehicles, were segregated from and physically incompatible with corporate information technology (IT) systems. However, modern demands for production and maintenance information have led to the integration of corporate IT systems and ICS systems, resulting in increased risk to both business and critical infrastructures.
The Stuxnet virus was the first major virus to attack physical ICS networks by compromising the programmable logic controllers (PLCs) at the center of the control process. In addition to the compromise of the service laptops at a nuclear enrichment facility, new software was installed on the PLC, and a rootkit was installed within the PLC code to run malicious code that compromised the system control loop.
It should be apparent from the foregoing that there is a need to provide network intrusion detection in ICS networks.