论文信息 - The Power of Hands-On Exercises in SCADA Cyber Security Education

The Power of Hands-On Exercises in SCADA Cyber Security Education

For decades Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) have used computers to monitor and control physical processes in many critical industries, including electricity generation, gas pipelines, water distribution, waste treatment, communications and transportation. Increasingly these systems are interconnected with corporate networks via the Internet, making them vulnerable and exposed to the same risks as those experiencing cyber-attacks on a conventional network. Very often SCADA networks services are viewed as a specialty subject, more relevant to engineers than standard IT personnel. Educators from two Australian universities have recognised these cultural issues and highlighted the gap between specialists with SCADA systems engineering skills and the specialists in network security with IT background. This paper describes a learning approach designed to help students to bridge this gap, gain theoretical knowledge of SCADA systems’ vulnerabilities to cyber-attacks via experiential learning and acquire practical skills through actively participating in hands-on exercises.

Rayford B. Vaughn | Ernest Foo | Elena Sitnikova

[1] D. Boud,et al. Reflection, turning experience into learning , 1985 .

[2] Ernest Foo,et al. A Proposed Australian Industrial Control System Security Curriculum , 2013, 2013 46th Hawaii International Conference on System Sciences.

[3] Colette Murphy,et al. Developing Reflective Practice , 2000 .

[4] D. Schoen. Educating the reflective practitioner , 1987 .

[5] Lucy Philip. Encouraging reflective practice amongst students: a direct assessment approach , 2006 .

[6] Rayford B. Vaughn,et al. Development & expansion of an industrial control system security laboratory and an international research collaboration , 2013, CSIIRW '13.

[7] Juan Shi,et al. Introducing undergraduate electrical engineering students to reflective practice , 2011 .

[8] Kathy McCarthy,et al. Idaho National Laboratory , 2009 .

[9] Elena Sitnikova,et al. Pathway into a Security Professional: A New Cyber Security and Forensic Computing Curriculum , 2012 .

[10] Rayford B. Vaughn,et al. Advances in the Protection of Critical Infrastructure by Improvement in Industrial Control System Security , 2013, AISC.

[11] D. Kolb. Experiential Learning: Experience as the Source of Learning and Development , 1983 .