Monday, October 18, 2010

Intrusion Detection for Computer Systems

Andrew Ginter has an interesting post over on his new blog, Control System Security. He discusses in pretty good detail how network intrusion detection systems work. As we hear more and more details about Stuxnet it is becoming clearer that we must take control system security as seriously as we take the protection of any other critical cyber system. We are also becoming more aware that there is no single action that we can take that will protect these systems against all attacks.

A network intrusion detection system (NIDS) as described by Andrew does much the same as a physical intrusion detection system does for our facility perimeter. As someone approaches or breaches our first line of perimeter defense, it alerts the security forces to a potential problem that must be checked out and evaluated. The NIDS does the same thing for the cyber perimeter.

Neither the IDS nor the NIDS stops perimeter penetration; each simply identifies a potential penetration of the perimeter. If there is a barrier outside of the detection system, there will be fewer potential penetrations to investigate or respond to. But, even with the best practical barrier system, there will be potential penetrations to be investigated. Hopefully they will be false alarms, but if you don’t back up your perimeter protection with intrusion detection you will not know about actual penetrations until it is too late.

Andrew’s post is well worth reading. He explains the concepts in terms that most non-specialists can easily understand. You won’t be able to design or implement an NIDS after reading this post (unless of course you could beforehand), but you will find it easier to understand your local geek (employee or consultant) when they explain why you need to spend your hard-earned profits on another non-productive security process. Unproductive, that is, as long as you don’t think about the fact that without your industrial control system working as designed, you won’t have any widgets to sell.

