Network Function Insertion for Reliable and Secure Control Messaging over Commodity Transport
Abstract
Industrial control systems (ICS) represent a critical component of our infrastructure. With the increasing need for more control and monitoring of such systems, ICS have seen an increase in connectivity to wide area networks, exposing aging equipment to rapidly evolving cybersecurity threats. To solve this problem, we developed a network function (NF), along with its insertion design, for policy enforcement over the communication between remote entities and the main control office. Our vendor-agnostic, programmable solution transparently integrates with the existing systems without disrupting communications, resulting in minimal downtime while decoupling the fast-paced evolution of defensive security measures from the upgrade cycle of expensive long-term hardware. The system uses a protocol developed by the UH Networking Laboratory and implemented on the GENI testbed, demonstrating the feasibility of the NF system to correct for network impairments while measuring the resource requirements and overhead in the network for successful operation.