Oops I Did it Again
- 1 January 2019
- conference paper
- conference paper
- Published by Association for Computing Machinery (ACM)
Abstract
Research efforts in the security of Industrial Control Systems (ICS) have dramatically increased over the past few years. However, there is a limiting factor when work cannot be evaluated on real-world systems due to safety and operational reasons. This has led to multiple deployments of ICS testbeds covering multiple sectors including water treatment, power distribution and transportation networks. Over the last five years, we have designed and constructed ICS testbeds to support cyber security research. Our prior work in building testbeds culminated in a set of design principles and lessons learnt, formulated to support other researchers in designing and building their own ICS testbeds. In the last two years we have taken these lessons and used them to guide our own greenfield large-scale, complex and process-diverse security testbed affording a rare opportunity to design and build from the ground up -- one in which we have been able to look back and validate those past lessons and principles. In this work we describe the process of building our new ICS and Industrial Internet of Things (IIoT) testbed, and give an overview of its architecture. We then reflect on our past lessons, and contribute five previously unrecognised additional lessons based on this experience.Keywords
Funding Information
- Lloyd's Register Foundation
- Engineering and Physical Sciences Research Council (EP/N023234/1)
This publication has 15 references indexed in Scilit:
- A Just Culture Is Fundamental: Extending Security Ergonomics by DesignPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2019
- A Reference Architecture for IIoT and Industrial Control Systems TestbedsPublished by Institution of Engineering and Technology (IET) ,2019
- On the Significance of Process Comprehension for Conducting Targeted ICS AttacksPublished by Association for Computing Machinery (ACM) ,2017
- Smart Cyber-Physical Systems: Beyond Usable Security to Security Ergonomics by DesignPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2017
- SimaticScan: Towards A Specialised Vulnerability Scanner for Industrial Control SystemsElectronic Workshops in Computing, 2016
- An Industrial Control System Cybersecurity Performance TestbedPublished by National Institute of Standards and Technology (NIST) ,2015
- A Survey of Industrial Control System TestbedsLecture Notes in Computer Science, 2015
- A cyber-physical experimentation environment for the security analysis of networked industrial control systemsComputers and Electrical Engineering, 2012
- On SCADA control system command and response injection and intrusion detectionPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2010
- SCADA Cyber Security Testbed DevelopmentPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2006