Dong Li, Huaqun Guo, Jianying Zhou, Luying Zhou, Jun Wen Wong, SCADAWall: A CPI-enabled firewall model for SCADA security, Computers & Security, Volume 80, 2019, Pages 134-154, ISSN 0167-4048, https://doi.org/10.1016/j.cose.2018.10.002.
Many firewalls have been extending their security capabilities to support Supervisory Control and Data Acquisition (SCADA) systems or to protect the operations within industrial process control. A SCADA firewall usually needs to inspect deeper into the payload to understand exactly what detailed industrial applications are being executed. However, security features in traditional SCADA firewalls have drawbacks in two main aspects. First, a traditional Deep Packet Inspection (DPI) enabled SCADA firewall only partially inspects the content of the payload. Specially crafted packets carrying a malicious payload can exploit this drawback to bypass the firewall's inspection. Second, existing SCADA firewalls have poor capability for protecting proprietary industrial protocols. In this paper, we propose a new SCADA firewall model called SCADAWall. This model is powered by our Comprehensive Packet Inspection (CPI) technology. SCADAWall also includes a new Proprietary Industrial Protocols Extension Algorithm (PIPEA) to extend capabilities to proprietary industrial protocol protection, and an Out-of-Sequence Detection Algorithm (OSDA) to detect abnormality within industrial operations. We have compared our security features with two commercial SCADA firewalls. Our experiment also shows that SCADAWall can effectively mitigate those drawbacks without sacrificing the SCADA system's low latency requirement.
National Research Foundation (NRF), Prime Minister's Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR/-NCR001/-31)