How Do I Pick An ICS Detection Solution?
Dale Peterson

Interesting question.

I’d say one of the main barriers would be that, in my experience, ICS customers are wary of installing any non-standard software on their devices.

If they do allow software to be installed on distribution points/HMI/management workstations, then the options increase significantly; otherwise you are looking at a network-based device specifically for ICS anomaly detection, or hoping to try a mainstream network product or advanced threat detection tool which may detect a threat by what is coming into or leaving an ICS zone, without necessarily parsing proprietary protocols on the network.

I spent several years installing software in ICS/SCADA/manufacturing/PowerGen customer sites — and once the technical battle was won and approval was given (post testing) to use software isolation/sandboxing/least privilege type tools, it was relatively straightforward: mitigate multiple risks, preserve operational uptime, control maintenance procedures, secure use of devices — all easily done with a very mature product. In all honesty, it was more of a challenge to get the ICS vendor to agree to what was happening than to overcome customer concerns. Typical poor attitudes to support agreements and SLAs after a ‘3rd party’ had been added to the mix, etc., but we did usually find a compromise for all parties.

So I won’t advertise directly, but the vendor I work for has two products available — one for devices, one for ICS networks with protocol parsing.

They are not specifically advertised, as most customers come to us under strict NDAs during trial/evaluation periods.