A roadmap for converting an electric power utility network to defend against crafted input

In this paper, we propose a concrete roadmap to eliminate the possibility of input-handling vulnerabilities in the OT side of an ICS network by using secure parsing. ICS utilities are responsible for maintaining the integrity of the power grid in the US. A complex communications network is the backbone of these systems. Communication on ICS networks is must be processed correctly and can’t crash devices or allow attackers access to devices. Language-Theoretic Security (LangSec) is the practice of secure input handling via hardened parsers. Secure parsers improve ICS network security. Our previous work covers the implementation details of various ICS protocols. Here, we show that the existing collection of LangSec parsers for SCADA protocols offers coverage for the communication needs of an ICS network. We demonstrate a high degree of communications coverage on a network model, discuss the merits of a network guarded by LangSec parsers, and propose a triage procedure to implement such a network. Furthermore, we collect a summary of security benefits and lessons learned.