Industrial control systems are computer-based systems used to control industrial processes and physical functions, such as computerized manufacturing processes. Today, most industrial control systems are connected to external networks and perform communication exchanges with the external networks through industrial controllers. The communication system of choice has standardized on Ethernet and TCP/IP networks. Over the years, these networks have become very efficient, reliable and sophisticated through the use of managed switches, redundant routers and virtual LANs, but network anomalies still occur. Due to the failure of redundant routers and other network equipment or the presence of computer viruses, network anomalies such as “network storms” may occur.
A network storm is defined as an unusual and extremely high level of network activity in the form of broadcast, multicast and/or unicast message packets that are data meaningless to the computer systems connected to the network. Once a network storm occurs, each computer system connected to the network is forced to receive a large amount of meaningless data. As a result, the computer system becomes stalled and its processing power becomes degraded. Worse, eventually computer system becomes frozen during the network storms. This is more detrimental for the computer system that being used as an industrial control system that controls manufacturing processes.
Thus, a need exists for a method which can monitor the network for the network storms and determine the appropriate response to protect the industrial control systems or more specifically, the industrial controllers, from network storms.