University researchers have developed a methodology for enabling networked devices in an industrial control system (ICS) to police each other for abnormal behavior that would indicate a compromise.
The idea is to make it possible for devices, such as machinery on a factory assembly line, to spot the problem unit and then isolate it from the network before it can do any damage, researchers from North Carolina State University said Wednesday. The security mechanism would be used in supervisory control and data acquisition (SCADA) systems and programmable logic controllers.
Mo-Yuen Chow, co-author of the research and a professor of electrical and computer engineering, said the concept was like a "community watch," where neighbors watch each other's property for burglaries.
"Each device listens to its neighboring device to see if they're misbehaving," Chow said.
SCADA and PLC systems are used in industries comprising the nation's critical infrastructure (CI), which includes power generation facilities, oil and gas pipelines, electric power transmitters and defense manufacturing. The networked machinery and electronic devices in these systems are increasingly under attack by hackers, according to U.S. government officials. Much of the activity is originating from China and the Middle East.
Securing the nation's critical infrastructure is difficult because most of the electronics and machinery was built before the Internet evolved as a networking protocol in controlling systems. In tackling the problem, NCSU researchers have developed an algorithm that can be deployed in any networked device, either in software or as firmware in a microcontroller.
"We wanted to build a very simple security measure on each device, so when they work together they will bring security to the entire system," Chow said.
The algorithm would establish acceptable operational parameters, such as temperature or speed, for the networked devices. If a unit suddenly operated outside those parameters, then the other devices would stop all communications, so it could no longer operate.
The technology would augment traditional security systems used today, such as communication encryption and access controls, said Wente Zeng, a doctoral student and co-author of the research. It would also operate within SCADA and PLC systems used to monitor and manage devices.
The researchers plan to present their paper (PDF), entitled "Convergence and Recovery Analysis of the Secure Distributed Control Methodology for D-NCS," at the IEEE International Symposium on Industrial Electronics being held May 27-31 in Taipei, Taiwan.
Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.