Depict: Deep packet intelligence for industrial control systems
Protecting Industrial Control Systems (ICS) requires solutions that do not disturb existing operations, which is essential for large-scale systems and especially for legacy systems. In this project we aim to create new tools, algorithms, and software to improve the situational awareness of security analysts for control systems. By combining external threat sources, information extraction through network analysis, and semantics-aware network-based monitoring, we will build and maintain models of the system from different perspectives to help security analysts and operators better understand their systems, identify threats, and promptly react to mitigate the impact of attacks.
Our final goal is to leverage, and add intelligence to, deep-packet inspection (DPI) tools to extract knowledge of an ICS and build actionability, that is, the ability to act upon present (or future) threats, allowing for: (1) corrective measures, facilitating early incident response by security analysts without deep knowledge of ICS and by control-room operators without deep knowledge of cyber-security, so they can take the first steps of the incident response, thereby greatly increasing the overall resilience of the system; and (2) preventive measures, performing asset-threat mapping by leveraging deep-packet inspection of industrial networks.