Building Industrial Scale Cyber Security Experimentation Testbeds for Critical Infrastructures

Building Industrial Scale Cyber Security Experimentation Testbeds for Critical Infrastructures

Rohit Negi (C3i Center, Indian Institute of Technology, Kanpur, India), Anand Handa (C3i Center, Indian Institute of Technology, Kanpur, India) and Sandeep Kumar Shukla (C3i Center, Indian Institute of Technology, Kanpur, India)
DOI: 10.4018/978-1-7998-2910-2.ch010

Abstract

Power Grid, Water/Sewage control system, and Industrial automation are some examples of critical infrastructures. They are critical because malfunctioning of any of these may lead to severe industrial accidents. It may also have severe implications for the national economy and security. Nation-states are gearing up for potential cyber warfare, signs of which are already visible in various incidents such as Stuxnet, BlackEnergy, and many other recent attacks. As a result, research in cyber defense for such critical systems is an urgent need for all countries. IIT Kanpur has established the National Interdisciplinary Center for Cyber Security and Cyber Defense of Critical Infrastructures (C3i Center) to engage in research in this crucial area. In the past, the authors carried out a lot of cybersecurity experiments on co-Simulator-based platforms. These experiments show that they do not allow us to penetrate at the granularity required to defend real systems and therefore, physical test-beds are to be constructed. In this chapter, the authors describe how to build various test-beds.
Chapter Preview
Top

Introduction

In this chapter, the authors describe the various industrial-scale testbeds that are built from scratch at National Interdisciplinary Center for Cyber Security and Cyber Defense of Critical Infrastructures, IIT Kanpur (Negi, Kumar, Ghosh, Shukla, & Gahlot, 2019). Besides describing the architectures of power distribution, transmission, and generation testbeds, a multi-stage water treatment plant testbed, and industrial automation testbed, authors also briefly outline various experimental setup like vulnerability assessment and penetration activities undertaken, and machine learning-based intrusion detection techniques. The authors believe that capturing their set up in this chapter would help others to build similar facilities for research and education around the world. Each country should develop its own facilities for this kind of research and education. Given that the cybersecurity of critical infrastructure is now closely associated with the national security of a country (Alcaraz & Zeadally, 2015; Nicholson, Webber, Dyer, Patel, & Janicke, 2012), sooner than later – skill development, creation of tools for protecting against cyber-attacks against infrastructure, and ability to analyze threats to such systems will be required by every country in the world. To the best of the authors’ knowledge C3i center is the first in India to develop such a wide-range cybersecurity experimentation framework and laboratory for critical infrastructure security.

The first well-known incident happened in the 1990s, where a cyber-attack happened on Siberian Gas Pipeline Explosion (“Repository of industrial security incidents [RISI] online incident database,” 2015). More recently, the authors witness the attacks on the power grids of Ukraine (“December 2015 Ukraine power grid cyberattack,” 2015) several times in the past few years. Therefore, this kind of facility is the need of the hour. With this kind of facility, one can perform experiments with the vulnerabilities, and the threats faced by various automation systems engaged in critical infrastructure. Also, one can experiment on the protective software and hardware systems designed to thwart such attacks.

Key Terms in this Chapter

Vulnerability Assessment and Penetration Testing (VAPT): Vulnerability assessment and penetration testing (VAPT) is the key to address the security loop holes in any system – IT or industrial control system. Penetration testing emphasizes on gaining as much access as possible while a vulnerability assessment emphasizes on identifying components that are vulnerable to a cyber-attack.

Programmable Logic Controller (PLC): A general notion that refers to an industrial computer adapted for controlling the manufacturing, batching, processing, etc., automation in industries.

Industrial Control System (ICS): A general notion that refers to several types of control systems and associated tools used for the industrial process control.

Remote Terminal Unit (RTU): RTU is an industrial computer adapted for acquiring the manufacturing, batching, processing, etc., automation data in industries and transmitting telemetry data up to the master system.

MODBUS TCP: It is simply the Modbus RTU protocol with a TCP interface that runs on Ethernet.

Operational Technology (OT): An artifact used to communicate with industrial control system to monitor and control the plant floor with highly interactive user interface.

Complete Chapter List

Search this Book:
Reset