An isolated virtual cluster for SCADA network security research

Research aimed at securing SCADA and ICS networks has taken off in the wake of Stuxnet. Unfortunately, it is difficult for researchers to fully capture the integration between cyber and physical components that is intrinsic to these systems. To enable researchers to perform network security experiments while taking into account the physical component of ICS networks, we propose the use of the ICS sandbox. The ICS sandbox uses the proven virtualized cluster approach to emulate SCADA networks with high fidelity. The virtualized cluster is interfaced with an electrical power flow simulator to integrate the physical component of an ICS network controlling electrical grid critical infrastructure without imposing scale constraints. Parts of the proposed sandbox were validated in a training session offered to industry professionals, where a satisfaction survey indicated that the hands-on session with the ICS sandbox provided significant training value to the participants that could not have been obtained in traditional training.
