SWaT: a water treatment testbed for research and training on ICS security

This paper presents the SWaT testbed, a modern industrial control system (ICS) for security research and training. SWaT is currently in use to (a) understand the impact of cyber and physical attacks on a water treatment system, (b) assess the effectiveness of attack detection algorithms, (c) assess the effectiveness of defense mechanisms when the system is under attack, and (d) understand the cascading effects of failures in one ICS on another dependent ICS. SWaT consists of a 6-stage water treatment process, each stage is autonomously controlled by a local PLC. The local fieldbus communications between sensors, actuators, and PLCs is realized through alternative wired and wireless channels. While the experience with the testbed indicates its value in conducting research in an active and realistic environment, it also points to design limitations that make it difficult for system identification and attack detection in some experiments.

[1]  Alvaro A. Cárdenas,et al.  Attacking Fieldbus Communications in ICS: Applications to the SWaT Testbed , 2016, SG-CRC.

[2]  Alvaro A. Cárdenas,et al.  Attacks against process control systems: risk assessment, detection, and response , 2011, ASIACCS '11.

[3]  Geok See Ng,et al.  Experimental Evaluation of Stealthy Attack Detection in a Robot , 2015, 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing (PRDC).

[4]  Bruno Sinopoli,et al.  False Data Injection Attacks in Electricity Markets , 2010, 2010 First IEEE International Conference on Smart Grid Communications.

[5]  Volker Roth,et al.  Simple and effective defense against evil twin access points , 2008, WiSec '08.

[6]  Bruno Sinopoli,et al.  Detecting integrity attacks on control systems using robust physical watermarking , 2014, 53rd IEEE Conference on Decision and Control.

[7]  Wei Gao,et al.  A control system testbed to validate critical infrastructure protection concepts , 2011, Int. J. Crit. Infrastructure Prot..

[8]  David Hutchison,et al.  Design and construction of an Industrial Control System testbed , 2014 .

[9]  Pieter H. Hartel,et al.  Through the eye of the PLC: semantic security monitoring for industrial processes , 2014, ACSAC.

[10]  Bruno Sinopoli,et al.  Secure control against replay attacks , 2009, 2009 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[11]  Nils Ole Tippenhauer,et al.  MiniCPS: A Toolkit for Security Research on CPS Networks , 2015, CPS-SPC@CCS.