Leveraging Software-Defined Networking for Incident Response in Industrial Control Systems

Abstract

In the past decade, the security of industrial control systems has emerged as a research priority in order to safeguard our critical infrastructures. A large number of research efforts have focused on intrusion detection in industrial networks; however, few of them discuss what to do after an intrusion has been detected. Because the safety of most of these control systems is time sensitive, we need new research on automatic incident response. This article shows how software-defined networks and network function virtualization can facilitate automatic incident response to a variety of attacks against industrial networks. It also presents a prototype of an incident-response solution that detects and responds automatically to sensor attacks and controller attacks. This work shows the promise that cloud-enabled software-defined networks and virtual infrastructures hold as a way to provide novel defense-in-depth solutions for industrial systems. This article is part of a special issue on Software Safety and Security Risk Mitigation in Cyber-physical Systems.