SCADA DPI decoder protects M2M comms from malicious code

November 15, 2016 // By Graham Prophet
Rohde & Schwarz Cybersecurity, one of the company's divisions outside test and measurement, has collaborated with CELARE to address security for M2M communication in industrial networks; in the (I)IoT era, protection is needed from hidden malicious code. A SCADA decoder available as part of R&S PACE 2 is now featured in CELARE's T-SENSE product for protection of industrial data network infrastructure.

SCADA (Supervisory Control and Data Acquisition) is an Industrial Control System (ICS) application for remote monitoring and control which helps secure M2M communication using standards such as IEC 60870-5-104, the protocol for network access for tele-control tasks. The integrated SCADA decoder licensed with the R&S PACE 2 engine from Rohde & Schwarz Cybersecurity supports this protocol and is capable of decoding specific M2M commands, employing deep packet inspection (DPI). This allows the identification of malicious code disguised as regular commands and helps prevent cyberattacks such as the power outage in Ukraine in late 2015, which affected 225,000 customers. CELARE, a provider of Cyber and Network Analysis, is now using this latest version of R&S PACE 2 in its innovative product T-SENSE. The software-based solution combines a variety of cutting-edge technologies and uses a non-intrusive approach to provide visibility over IT and SCADA networks.
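To illustrate what command-level decoding of IEC 60870-5-104 involves, the Python example below is added here and is not code from R&S PACE 2 or T-SENSE. It splits a TCP payload into APDUs, decodes the ASDU header and reports control-direction commands sent by a host outside a list of known controlling stations. The allow-list policy, the function names, the sample bytes and the IP addresses are constructed assumptions.

```python
import struct

# Control-direction process commands by ASDU type ID (without / with time tag).
COMMANDS = {45: "C_SC_NA_1", 46: "C_DC_NA_1", 47: "C_RC_NA_1", 48: "C_SE_NA_1",
            49: "C_SE_NB_1", 50: "C_SE_NC_1", 51: "C_BO_NA_1", 58: "C_SC_TA_1",
            59: "C_DC_TA_1", 60: "C_RC_TA_1", 61: "C_SE_TA_1", 62: "C_SE_TB_1",
            63: "C_SE_TC_1", 64: "C_BO_TA_1"}

def decode_apdus(payload: bytes) -> list[dict]:
    """Split one TCP payload into IEC 104 APDUs and decode each header."""
    out, pos = [], 0
    while pos < len(payload):
        if len(payload) - pos < 6 or payload[pos] != 0x68:
            out.append({"format": "invalid", "offset": pos})
            break                      # framing lost: stop rather than guess
        length = payload[pos + 1]      # counts 4 control octets + ASDU
        apdu = payload[pos + 2 : pos + 2 + length]
        if length < 4 or length > 253 or len(apdu) < length:
            out.append({"format": "invalid", "offset": pos})
            break
        pos += 2 + length
        if apdu[0] & 0x01:             # low bits 01 = S-format, 11 = U-format
            out.append({"format": "U" if apdu[0] & 0x02 else "S"})
            continue
        rec = {"format": "I", "send_seq": (apdu[0] | apdu[1] << 8) >> 1}
        asdu = apdu[4:]
        if len(asdu) < 9:              # type, VSQ, COT(2), CA(2), IOA(3)
            rec["format"] = "invalid"
        else:
            type_id, vsq, cot, _orig, ca = struct.unpack_from("<BBBBH", asdu)
            rec.update(type_id=type_id, objects=vsq & 0x7F, cause=cot & 0x3F,
                       negative=bool(cot & 0x40), common_addr=ca,
                       ioa=int.from_bytes(asdu[6:9], "little"),
                       command=COMMANDS.get(type_id))
        out.append(rec)
    return out

def command_alerts(payload: bytes, src: str, masters: set[str]) -> list[dict]:
    """Return decoded commands sent by a host that is not a known master."""
    return [r for r in decode_apdus(payload)
            if r.get("command") and src not in masters]

# Constructed sample: STARTDT act (U-format), then a single command
# (type 45, cause 6 = activation) for common address 1, IOA 5000.
SAMPLE = bytes.fromhex("680407000000" "680e00000000" "2d010600" "0100" "881300" "01")

if __name__ == "__main__":
    for alert in command_alerts(SAMPLE, "10.0.0.99", {"10.0.0.5"}):
        print("command from unlisted host:", alert)
```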

 

R&S PACE 2 is a software engine capable of identifying thousands of protocols and applications. It is needed everywhere in the network where intelligent decisions need to be made based on the nature of the IP traffic, whether it is wanted or unwanted traffic, good or malicious. Industrial control systems (ICS) such as SCADA (R&S adds) present an attractive target for those who seek to cause disruption or to threaten critical infrastructure such as water, oil, gas and energy factory communications channels. With the rise of the Industrial Internet of Things (IIoT), more devices, sensors and controllers have access to the industrial network infrastructure. The infection of such devices is an additional threat to the M2M communication network, possibly resulting in halted production and damaged machinery.

 

CELARE, a partner of the Cybersecurity division of Rohde & Schwarz, is using the SCADA-ready R&S PACE 2 with its advanced decoding capabilities in its T-SENSE product to provide an innovative and scalable solution. T-SENSE overlays existing network infrastructure and is equipment vendor agnostic. It is designed to collect