Oops I Did it Again: Further Adventures in the Land of ICS Security Testbeds

Research effort on the security of Industrial Control Systems (ICS) has increased dramatically over the past few years. A limiting factor is that much of this work cannot be evaluated on real-world systems for safety and operational reasons. This has led to multiple deployments of ICS testbeds covering sectors including water treatment, power distribution and transportation networks. Over the last five years, we have designed and constructed ICS testbeds to support cyber security research. Our prior work in building testbeds culminated in a set of design principles and lessons learnt, formulated to support other researchers in designing and building their own ICS testbeds. In the last two years we have used those lessons to guide our own greenfield large-scale, complex and process-diverse security testbed. Building from the ground up is a rare opportunity, and one that has allowed us to look back and validate those past lessons and principles. In this work we describe the process of building our new ICS and Industrial Internet of Things (IIoT) testbed and give an overview of its architecture. We then reflect on our past lessons and contribute five previously unrecognised additional lessons based on this experience.
