DocumentCode
2588304
Title
Generating configuration for missing traffic detector and security measures in industrial control systems based on the system description files
Author
Hadeli, Hadeli ; Schierholz, Ragnar ; Braendle, Markus ; Tuduce, Cristian
Author_Institution
Ind. Software Syst. Program, ABB Switzerland Ltd., Baden, Switzerland
fYear
2009
fDate
11-12 May 2009
Firstpage
503
Lastpage
510
Abstract
Nowadays, industrial control system operators are trying to fulfill requirements from upcoming standards and regulations regarding cyber security issues. However, addressing such security requirements by implementing security measures is not a trivial task. Moreover, the creation and maintenance of the configuration for the security measures is prone to error. This research shows that it is possible to derive configuration file(s) to set up different security measures based on the input from system description files. In addition, we highlight an important anomaly in industrial control systems, namely missing or tardy expected traffic. In this paper, we show how the proposed system works by taking IEC 61850 SCD files and generating configuration files for security measures such as firewall and IDS/IPS. Additionally, current IDS/IPS only raise an alert when unexpected traffic appears in the system. They do not alert on the disappearance of the expected traffic. In fact, this type of anomaly is as critical as the other type of anomaly. Thus, we address this anomaly as well in our research.
Keywords
industrial control; telecommunication security; telecommunication traffic; IDS-IPS; IEC 61850 SCD file; anomaly detection; cyber security issue; industrial control system; missing traffic detector; system description file; Communication system security; Computer industry; Data security; Detectors; IEC standards; Industrial control; Information security; Intrusion detection; Prototypes; Traffic control; control systems; intrusion detection; security;
fLanguage
English
Publisher
ieee
Conference_Titel
Technologies for Homeland Security, 2009. HST '09. IEEE Conference on
Conference_Location
Boston, MA
Print_ISBN
978-1-4244-4178-5
Type
conf
DOI
10.1109/THS.2009.5168079
Filename
5168079