We take it as a given that it’s essential to deploy firewalls inside ICS networks. However, it is less clear why and which properties should such firewalls have: should they be stateful? DPI? Signature-based? In this post I will try to shed some light on the topic.
Consider a typical ICS network, with a main control center that communicates with multiple remote sites. Each remote site contains several field devices, such as PLCs and IEDs. For the sake of simplicity, let’s say that the remote sites communicate only with the control center, using a trusted private VPN between the gateways.
It’s safe to say that without appropriate protection, the ICS network described would be open to numerous cyber-attacks. We can divide these attacks into several types, according to their source and destination:
- Field-to-Field attacks: Attacks from one compromised remote site or field device to another remote site.
- Center-to-Field attacks –…
View original post 500 more words