Ethernet technology is widely used in the resident, office and industrial sectors. As Ethernet network and information technology becomes more popular and more mature, the trend is to use Ethernet technology as a major communications interface in many industrial communications and automation applications. Because the process control industry and the automation industry have recognized the significance of Ethernet/TCP/IP, the Ethernet network protocol is becoming a dominant communication technology at the process level and control level.
Many manufacturers of programmable logic controllers (PLCs) and distributed control systems (DCSs) produce products that incorporate a built-in Ethernet interface, which can are used to connect PLCs, Ethernet I/O, and other industrial instruments. Consequently, Ethernet technology has migrated from non-critical office environments to the critical but less predictable industrial environments. However, traditional off-the-shelf Ethernet equipment typically cannot meet high reliability requirements of industrial applications.
The industrial network may thus be susceptible to both internal and external cyber-attacks and non-intentional actions that still disrupt the performance/operation of the system. As a preventive measure from external cyber-attacks, firewalls or other security measures may be taken to separate the industrial network from other networks. However, the industrial network is still vulnerable since such security measures are not foolproof in the prevention of external attacks by viruses, worms, Trojans and other forms of malicious code as well as computer hacking, intrusions, insider attacks, errors, and omissions may occur. Additionally, an infected PC or system, for example, can bypass the firewall by connecting to the industrial network using a modem, direct connection, or by a virtual private network (VPN). The PC or system may then introduce worms or other forms of malicious code into the industrial network. Moreover, a PC or system may be connected directly to the network behind the firewall. All of the above-mentioned scenarios may cause degraded performance or may create communication failures in industrial automation environments. While a communication failure in an office environment could merely create a minor inconvenience, even a short communication failure in an industrial environment may create a safety hazard and tremendous loss in investment.
In addition, PLC (Programmable logic Control), input/output devices, HMI (Human Machine Interface), DCS (Distributed Control System), Supervisory Control and Data Acquisition (SCADA), and automation control equipment often used in the management of critical industrial systems such as electricity generation and distribution, oil production, transportation, manufacturing and health services have become increasingly interconnected through the use of popular communications technologies such as Ethernet, TCP/IP and web services. While the networking of SCADA and automation control equipment has brought considerable benefit in the form of improved information flows and efficiency, it has also exposed these systems to the possibility of attack from viruses, hackers and terrorists as once isolated devices and networks become accessible from around the world. There may be numerous poorly protected control devices spanning the globe. These devices may be charged with the safe operation of critical systems and infrastructure such as power transmission substations, gas pipelines, manufacturing plants and the like, yet at the same time remain largely unprotected from malicious persons who may target them for attack.
In addition to security concerns, a control system is vulnerable to non-intentional actions that may disrupt the performance/operation of the system. For example, a device legitimately connected to the control system may inundate the network with messages to another device in the control system. Consequently, other devices in the control system that have time-critical communication requirements may be adversely affected.
One approach to resolving the above issues, in accordance with prior art, is to monitor events of the industrial network and accordingly raise alerts. The industrial network may perform a threat assessment and respond in accordance with the threat assessment. A wide variety of conditions relating to performance, health and security information about the industrial network as well as other factors reflecting conditions external to the industrial network may be taken into account. However, the monitoring of alarms is an alert capability that can be used to trigger actions to prevent access but, by itself, does not prevent access.
Traditional security solutions are also based on central firewalls protecting unsecured internal devices or computers from the outside world. However this approach often does not address the requirements of the industrial controls world. Existing controllers typically do not offer authentication, integrity or confidentiality mechanisms and can be completely controlled by any individual that can find or “ping” the network and the associated devices. In addition, traditional security solutions typically cannot be easily patched nor have security features added to them. Once a virus or hacker manages to get past (or is already inside) the traditional firewall, the devices protected by the firewall, such as a typical programmable logic controller (PLC) or distributed control system (DCS) is an easy target for attack.