A Case Study of Network-Based Intrusion Detection System Deployment in Industrial Control Systems with Network Isolation
Nai-Yu Chen, Pei-Wen Chou, Jung-Shian Li, I. Liu
TLDR
The results indicate that by employing the proposed approach, it is possible to effectively detect abnormal network traffic, addressing the common issue of inadequate monitoring in environments with network isolation.
Abstract
Deploying intrusion detection systems is a common cybersecurity measure, and such systems typically operate at the ports of gateways. In critical infrastructure, however, industrial control systems often employ network isolation strategies, so there is no gateway to fill that role. This research primarily explores the deployment of the Snort intrusion detection system in such an environment, combined with specific OT rules. Validation is conducted using the cybersecurity testbed of the dam control system established by TWISC@NCKU in Taiwan. The results indicate that by employing our proposed approach, it is possible to effectively detect abnormal network traffic, addressing the common issue of inadequate monitoring in environments with network isolation.
