Microsoft Releases New Open-Source Tool for OT Security

Microsoft has released a new open-source security tool to close gaps in threat analysis for industrial control systems and help address increased nation-state attacks on critical infrastructure.

The new tool, called ICSpector, is built on an open-source framework that facilitates the examination of industrial programmable logic controllers – a set of hardware and software components that are used for managing and controlling different operations within an industrial environment.

While PLCs are integral to industrial control systems and are used in water and power grid systems, analyzing them poses challenges because of a lack of adequate threat detection tools and a dearth of expertise in the sector, according to Microsoft. OT analysis often involves sorting through sensitive data collected from sensors and controllers, Microsoft said.

“One of the biggest challenges is retrieving the code running on the PLC and scanning it as part of an incident response to understand if it was tampered with because the PLCs are actively operating vital industrial process,” Microsoft said.

Microsoft said the new tool, which is available on GitHub, can detect malicious modifications, extract the timestamp of the changes made to a system, and provide an overview of the execution flow of tasks within the system.

“Currently, the system supports three OT protocols: Siemens S7Comm, which is compatible with the S7-300/400 series, Rockwell RSLogix, using the Common Industrial Protocol, and Codesys V3,” the company said.

ICSpector: Microsoft ICS Forensics Framework can be downloaded from GitHub at: https://github.com/microsoft/ics-forensics-tools
