Leveraging determinism in industrial control systems for advanced anomaly detection and reliable security configuration

Industrial automation and control systems (IACS) today are often based on common IT technologies. However, they often lack security mechanisms and those available in enterprise IT environments are often not suitable for IACS. Other mechanisms require significant manual maintenance which is error prone. In this paper we present an approach that leverages the unique characteristics of IACS, in particular their deterministic behavior and often available formal system description, to reliably detect anomalies and reproducibly generate configurations for security mechanisms such as firewalls. In particular, we extend common IDS technology to also detect an IACS specific anomaly: the missing of required traffic.