Intrusion Monitoring in Process Control Systems
Source: SRI International
To protect process control networks from cyber intrusions, preventive security measures such as perimeter defenses (for example, network firewalls and demilitarized zones) and secure versions of process control network protocols have been increasingly adopted or proposed. Although system hardening and fixing known vulnerabilities of existing systems are crucial to securing process control systems, intrusion monitoring is essential to ensure that the preventive measures are not compromised or bypassed. The approach involves a multilayer security architecture for monitoring process control systems to achieve accurate and effective situational awareness. It also leverages some of the characteristics of process control systems, such as the regularity of network traffic patterns, to perform intrusion detection, with the potential to detect unknown attacks.
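The regularity-based detection idea above can be illustrated with a small flow-baseline monitor. This is an added example, not code from SRI or the original page; the addresses, the use of port 502 (Modbus/TCP), the record format and the 50% timing tolerance are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

def poll(src, dst, port, start, period, count):
    """Build constructed flow records (timestamp_s, src, dst, dst_port)."""
    return [(start + i * period, src, dst, port) for i in range(count)]

# Constructed training capture: a master polling two controllers on fixed cycles.
FLOW_A = ("10.0.0.5", "10.0.0.20", 502)
FLOW_B = ("10.0.0.5", "10.0.0.21", 502)
TRAINING = poll(*FLOW_A, 0.0, 1.0, 30) + poll(*FLOW_B, 0.5, 2.0, 15)

# Constructed live capture: normal polling, one off-cycle request, one unknown host.
LIVE = (poll(*FLOW_A, 100.0, 1.0, 5)
        + [(102.3, *FLOW_A)]
        + [(101.2, "10.0.0.99", "10.0.0.20", 502)])

def learn_baseline(records):
    """Map each observed flow to its median inter-arrival time (None if seen once)."""
    times = defaultdict(list)
    for ts, src, dst, port in sorted(records):
        times[(src, dst, port)].append(ts)
    baseline = {}
    for flow, seen in times.items():
        gaps = [b - a for a, b in zip(seen, seen[1:])]
        baseline[flow] = median(gaps) if gaps else None
    return baseline

def detect(records, baseline, tolerance=0.5):
    """Return (timestamp, flow, reason) alerts for traffic that breaks the baseline."""
    alerts, last_seen = [], {}
    for ts, src, dst, port in sorted(records):
        flow = (src, dst, port)
        if flow not in baseline:
            # No signature needed: any flow absent from training is suspicious.
            alerts.append((ts, flow, "new-flow"))
            continue
        period, prev = baseline[flow], last_seen.get(flow)
        if period is not None and prev is not None:
            if abs((ts - prev) - period) > tolerance * period:
                alerts.append((ts, flow, "timing"))
        last_seen[flow] = ts
    return alerts

if __name__ == "__main__":
    for alert in detect(LIVE, learn_baseline(TRAINING)):
        print(alert)
```

Because the monitor only compares traffic against learned behaviour, it flags the unknown host and the off-cycle request without any prior knowledge of a specific attack.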