Technology for Visualizing and Analyzing Control System Traffic to Verify its Integrity

Tokyo, Japan - September 16, 2015

 

National Institute of Information and Communications Technology
Yokogawa Electric Corporation
Kyoto University

 

Yokogawa Electric Corporation (Yokogawa, President: Takashi Nishijima) announces that it has worked with the National Institute of Information and Communications Technology of Japan (NICT, President: Dr. Masao Sakauchi), Professor Yasuo Okabe of Kyoto University, and former Associate Professor Hiroki Takakura of Kyoto University to jointly develop a technology that visualizes and analyzes control system traffic to verify its integrity. This technology, which has been integrated by Yokogawa in an industry-first network healthiness check service, can quickly detect security incidents such as a malware infection. This combines visualization technology with the collection and analysis of traffic data to verify the integrity of control system networks, and is expected to improve the security of control systems used in public utilities.

Background

Control system security has become a serious concern in recent years due to the proliferation of cyber-attacks targeting critically important infrastructure like public utilities: electric power, gas, and water. As control systems increasingly rely on operating systems and standard protocols that are both open and versatile, cyber-attacks have become very common, with infection routes that include not only the Internet but also USB memory devices and other media, making it difficult to prevent all malware infections. Therefore, there is an urgent need for a technology that can quickly detect security incidents. Such technology should not have an impact on control system availability (stable, continuous operation), as these systems need to keep operating without interruption for very long periods, even as long as several decades.

Achievements

NICT, Yokogawa, and Kyoto University jointly developed a technology for visualizing and analyzing control system traffic to verify its integrity and quickly detect security incidents such as malware infections.

Figure 1 Schematic diagram of the developed technology

Unlike general information systems where the amount and direction of traffic keep changing, it is easier with control system networks to identify when traffic conditions are normal as these systems are designed and used for a specific purpose. We focused on this characteristic.

Our technology saves data on normal control system traffic conditions as a white list. With reference to this list, the technology monitors the dynamic state of the control system network to detect any abnormalities such as an increase in traffic or communication with an unknown IP address that could be caused by malware.
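The white-list check described above can be sketched as follows. This is an added example, not the NICT/Yokogawa implementation: the flow-record fields, the sample addresses, and the `factor` threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: (interval, src_ip, dst_ip, bytes). Not from the page.
BASELINE_FLOWS = [
    (0, "10.0.1.10", "10.0.2.20", 1200),
    (0, "10.0.1.11", "10.0.2.20", 900),
    (1, "10.0.1.10", "10.0.2.20", 1500),
    (1, "10.0.1.11", "10.0.2.20", 1000),
]
LIVE_FLOWS = [
    (0, "10.0.1.10", "10.0.2.20", 1400),   # within the normal range
    (0, "10.0.1.11", "10.0.2.20", 9000),   # increase in traffic
    (0, "10.0.1.11", "203.0.113.7", 300),  # address never seen in the baseline
]

def per_interval_bytes(flows):
    """Sum bytes per (interval, src, dst)."""
    totals = defaultdict(int)
    for interval, src, dst, nbytes in flows:
        totals[(interval, src, dst)] += nbytes
    return totals

def build_whitelist(flows):
    """Map each (src, dst) pair seen in normal operation to its peak bytes per interval."""
    whitelist = {}
    for (_, src, dst), total in per_interval_bytes(flows).items():
        whitelist[(src, dst)] = max(whitelist.get((src, dst), 0), total)
    return whitelist

def check(flows, whitelist, factor=2.0):
    """Return (kind, interval, src, dst, bytes) for each deviation from the white list.

    factor is an assumed tolerance: traffic above factor * baseline peak is flagged.
    """
    alerts = []
    for (interval, src, dst), total in sorted(per_interval_bytes(flows).items()):
        peak = whitelist.get((src, dst))
        if peak is None:
            alerts.append(("unknown_pair", interval, src, dst, total))
        elif total > factor * peak:
            alerts.append(("traffic_increase", interval, src, dst, total))
    return alerts

if __name__ == "__main__":
    for alert in check(LIVE_FLOWS, build_whitelist(BASELINE_FLOWS)):
        print(alert)
```

Because the check runs on traffic records collected from the network, nothing has to be installed on the control system hosts themselves.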

Furthermore, by using NIRVANA*, a real-time traffic visualization system developed by NICT, we improved this technology to comply with unique communications protocols used by control systems. As a result, this technology makes traffic conditions much easier to identify when an abnormality is detected (Figures 2 and 3).

Since there is no need to install detection software on each control system host (or server), this technology is easy to introduce and does not impact control system availability.

Figure 2 Example of control network visualization (under normal conditions)

Figure 3 Example of control network visualization (when an incident has occurred)
In this case, a host in control room A has become infected with malware and there has been an increase in network traffic.

Future perspectives

This technology has been integrated in Yokogawa's cyber security support service for control systems (URL: https://www.yokogawa.com/solutions/services/), and is expected to make the control systems used in critically important infrastructure more secure. With the aim of making the world a safer place, we will continue researching and developing cyber security technologies for control systems.

Glossary

* NIRVANA (NICTER Real-network Visual ANAlyzer)
A system developed by NICT to visualize and analyze traffic in real time. NIRVANA reduces the load of managing large-scale, complex networks by visualizing traffic. It enables action to be taken quickly when a failure occurs. NIRVANA is a NICT technology that can be transferred under contract.

Real-time Traffic Visualization by NIRVANA (Left: Packet-by-packet Visualization Mode, Right: Address Block View)

 

About Yokogawa

Yokogawa's global network of 88 companies spans 56 countries. Founded in 1915, the US$3.5 billion company engages in cutting-edge research and innovation. Yokogawa is active in the industrial automation and control (IA), test and measurement, and aviation and other business segments. The IA segment plays a vital role in a wide range of industries including oil, chemicals, natural gas, power, iron and steel, pulp and paper, pharmaceuticals, and food. For more information about Yokogawa, please visit www.yokogawa.com.

The names of the companies, organizations, and brands in this text are the trademarks or registered trademarks of the respective holders.

