A testbed for SCADA control system cybersecurity research and pedagogy

This paper describes the Mississippi State University Supervisory Control and Data Acquisition (SCADA) security laboratory and Power and Energy Research laboratory. This laboratory combines process control systems from multiple critical infrastructure industries to create a testbed with functional physical processes controlled by commercial hardware and software over common industrial control system routable and non-routable networks. The testbed enables a research process in which cybersecurity vulnerabilities are discovered, exploits are used to understand the implications of the vulnerability on controlled physical processes, identified problems are classified by criticality and similarities in type and effect, and finally cybersecurity mitigations are developed and validated against the testbed. The testbed also enables control system security workforce development through integration into the classroom of laboratory exercises, functional demonstrations, and research outcomes.

[1]  Igor Nai Fovino,et al.  An experimental platform for assessing SCADA vulnerabilities and countermeasures in power plants , 2010, 3rd International Conference on Human System Interaction.

[2]  Xinghuo Yu,et al.  Building a SCADA Security Testbed , 2009, 2009 Third International Conference on Network and System Security.

[3]  Wei Gao,et al.  A control system testbed to validate critical infrastructure protection concepts , 2011, Int. J. Crit. Infrastructure Prot..

[4]  Eric A. M. Luiijf,et al.  Creating a European SCADA Security Testbed , 2007, Critical Infrastructure Protection.

[5]  T.J. Overbye,et al.  SCADA Cyber Security Testbed Development , 2006, 2006 38th North American Power Symposium.

[6]  Rayford B. Vaughn,et al.  Discovering vulnerabilities in control system human-machine interface software , 2009, J. Syst. Softw..

[7]  Kathy McCarthy,et al.  Idaho National Laboratory , 2009 .

[8]  Siddharth Sridhar,et al.  Development of the PowerCyber SCADA security testbed , 2010, CSIIRW '10.