Secure ICS Protocols

There were two categories that received a large number of technical presentations for S4x18: threat detection and secure ICS protocols. While we have a couple of threat detection sessions on Stage 2 (and many on the Sponsor Stage), I’m most excited by the ICS Detection Challenge for that category.

In the secure ICS protocol section we actually had to turn away many great session proposals to avoid headaches from protocol overload. We are finally seeing evidence that the insecure-by-design ICS protocol problem is being solved.

  • There is a session on the Secure CIP (EtherNet/IP) standard that is working its way through the ODVA
  • There is an update session on Secure Modbus TCP
  • There is a session on using OPC UA as the interface to IIoT protocols

Both the Modbus and CIP protocols are encapsulating the existing protocol in TLS. This contrasts with Adam Crain’s SSP21 protocol that was presented at S4x17. And it leads to the question: is encapsulation in TLS the right solution for ICS? There are pros and cons to this, so we decided to have a debate on the topic on the Main Stage.

This session actually started out as a debate on whether encryption in ICS protocols was a positive or negative. But we couldn’t find any of the ICS protocol gurus who thought mandatory encryption was a good thing. Authentication is what is most needed for source and data integrity, but the “is encryption a good thing in ICS protocols” question will be one of the topics in the debate.

While there is progress on securing the protocols, there continues to be little more than handwaving when it comes to key management and certificate management for these protocols. Adam Crain (again! That guy seems to grind away at this problem) and Duncan Earl have a session on Quantum Key Distribution and how that can be applied to ICS protocols. There is also a session on trust chaining of certificates to help with integrity verification in the supply chain.

You can see these and other protocol sessions by going to the agenda page and selecting Protocols as the filter on the rightmost ALL dropdown.