Dong Li, Huaqun Guo, Jianying Zhou, Luying Zhou, Jun Wen Wong, SCADAWall: A CPI-enabled firewall model for SCADA security, Computers & Security, Volume 80, 2019, Pages 134-154, ISSN 0167-4048, https://doi.org/10.1016/j.cose.2018.10.002.
Many firewalls have been extending their security capabilities to support Supervisory Control and Data Acquisition (SCADA) systems or to protect the operations within industrial process control. A SCADA firewall usually needs to inspect deeper into the payload to understand exactly what detailed industrial applications are being executed. However, security features in traditional SCADA firewalls have drawbacks in two main aspects. First, a traditional Deep Packet Inspection (DPI) enabled SCADA firewall only partially inspects the content of payload. Specially-crafted packets carrying malicious payload can exploit this drawback to bypass the firewall’s inspection. Second, existing SCADA firewalls have poor capability for protecting proprietary industrial protocols. In this paper, we propose a new SCADA firewall model called SCADAWall. This model is powered by our Comprehensive Packet Inspection (CPI) technology. SCADAWall also includes a new Proprietary Industrial Protocols Extension Algorithm (PIPEA) to extend capabilities to proprietary industrial protocol protection, and an Out-of-Sequence Detection Algorithm (OSDA) to detect abnormality within industrial operations. We have compared our security features with two commercial SCADA firewalls. Our experiment also shows that SCADAWall can effectively mitigate those drawbacks without sacrificing SCADA system’s low latency requirement.
This work was supported by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR/-NCR001/-31) and administered by the National Cybersecurity R&D Directorate.