The TCSEC defines two kinds of covert channels: Storage channels - Cover communication by modifying a "storage location", such as a hard drive, and Timing channels - Perform operations that affect the "real response time observed" by the receiver.
As for ICMP, this is a supporting protocol not regularly employed by end-user network applications (with the exception of some diagnostic tools like ping and traceroute). So it is a standard to block it in rulebase or restrict it use (no ping to the GW gets answered).
The threat you speak of is covered by APCL - see Application/Categories ICMPTX, Data Exfiltration Toolkit ICMP Mode and ICMP shell, all supported since R80.
CCSE CCTE CCSM SMB Specialist