Detecting Problems in Industrial Networks Through Continuous Monitoring - Level 301 (Replay)

No ratings

Presented at S4 2014 by

Marcelo Branquinho

Jan Seidl

Each SCADA network, in a healthy state, presents a specific quality of service (QoS) which rarely changes given the repetitive process of the IACS operations. The continuous monitoring of QoS parameters of an automation network may anticipate problems such as malware contamination and equipment failures like switches and routers. It is very important to be aware of these changes in behavior in order to receive alerts and promptly handle them, avoiding incidents that could compromise the operation of the network and be financially or environmentally costly. In this session Mr. Branquinho presents the results of tests to measure the performance of a simulated automation network parameters using a small SCADA network sandbox. First, the normal operating parameters of the network were measured. Next, several attacks were launched against the simulated automation network. At the conclusion of the work the graphs of the network in healthy state with the graphs of the network with the security incidents described above. The session will show how the network parameters were affected by each kind of incident and built a table showing the way the main parameters of an automation network were affected by the attacks.