This deliverable details the specification of an innovative network-based Intrusion Detection System (IDS) to be developed by Forescout that leverages in-depth protocol parsing and is specifically designed to protect healthcare Building Management Systems (BMS) from cyber-attacks. This IDS, called the BMS probe in the context of SAFECARE, will combine whitelisting (machine-learning-based) and blacklisting (attack-specific) approaches to detect a wide range of possible attacks on BMS.
More specifically, this document highlights the main security challenges of BMS, the requirements for the BMS-specific threat detection system, a detailed system architecture, and the interconnections with other SAFECARE components, namely the Advanced Malware Analyzer and the Cyber Threat Monitoring System.
Lead Author: FORESCOUT
Specification of the BMS Threat Detection System (PDF, 1.9MB)