Power Research

Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

Hybrid SCADA Security Testbed as a Service


Affiliations
1 Center for Development of Advanced Computing (C-DAC), Knowledge Park, No 1, Old Madras Road, Byappanahalli, Bangalore – 560038, Karnataka, India
     

   Subscribe/Renew Journal


Supervisory Control and Data Acquisition (SCADA) systems are deployed for control and management of critical infrastructures (power, oil, gas, water, etc.), industries (manufacturing, production, etc.) and public facilities (airport, ships, transport etc.). With the evolution of the technologies in communication, SCADA systems are connected to different networks using heterogeneous communication infrastructure. Thus, SCADA systems became vulnerable to threats of connected systems along with its legacy threats. A security assessment is required to understand the security posture of the system. However, it is not possible to simulate and analyze attacks on a real SCADA system. Hence, a testbed is needed to conduct any security assessment by modeling the architecture on the SCADA testbed. In this paper, we will discuss the need for testbeds, hybrid testbeds, how we established a hybrid testbed, simulation and impact analysis of attacks on the hybrid testbed and the process of providing the testbed as a service.

Keywords

Hybrid Testbed, SCADA Security, Simulation of Attacks, SPADE, Testbed, Testbed as a Service.
User
Subscription Login to verify subscription
Notifications
Font Size

  • Hemsley, Kevin E, Fisher E. History of industrial control system cyber incidents. No. INL/CON-18-44411-Rev002. Idaho National Lab. (INL), Idaho Falls, ID (United States); 2018.

  • Abrams M, Weiss J. Malicious control system cyber security attack case study - Maroochy Water Services, Australia. Technical Report, Mitre.org.; 2008. p. 1–16.

  • Babu B, et al. Security issues in SCADA based industrial control systems. 2017 2nd International Conference on Anti-Cyber Crimes (ICACC). IEEE; 2017. https:// doi.org/10.1109/Anti-Cybercrime.2017.7905261. PMid: 29199662. PMCid:PMC5750623

  • Qassim Q, et al. A survey of SCADA testbed implementation approaches. Indian Journal of Science and Technology. 2017; 10(26).

  • Hahn A, et al. Development of the PowerCyber SCADA security testbed. Proceedings of the sixth annual workshop on cyber security and information intelligence research; 2010. https://doi.org/10.1145/1852666.1852690

  • Queiroz C, Mahmood A, Tari Z. SCADASim-A framework for building SCADA simulations. IEEE Transactions on Smart Grid. 2011; 2(4):589–97. https://doi.org/10.1109/ TSG.2011.2162432

  • Daniels J. Server virtualization architecture and implementation. Crossroads. 2009; 16(1):8–12. https://doi. org/10.1145/1618588.1618592

  • Reaves B, Morris T. An open virtual testbed for industrial control system security; 2012. https://doi.org/10.1007/ s10207-012-0164-7

  • Mallouhi M, et al. A testbed for analyzing security of SCADA control systems (TASSCS). ISGT 2011. IEEE; 2011. https://doi.org/10.1109/ISGT.2011.5759169

  • McLaughlin S, Konstantinou C, Wang X, Davi L, Sadeghi A, Maniatakos M, et al. The cybersecurity landscape in industrial control systems. Proceedings of the IEEE. 2016 May 5; 104:1039–57.

  • Holm H, Karresand M, Vidström A, Westring E. A survey of industrial control system testbeds. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Buchegger S, Dam M, (Eds), Springer; 2015. 9417. https:// doi.org/10.1007/978-3-319-26502-5_2

  • Amaraneni A, et al. Transient analysis of cyber-attacks on power SCADA using RTDS. Power Research. 2015; 11(1):79–92.

  • Rao MS, Kalluri R, Kumar RKS, Prasad GLG, Bindhumadhava BS. Impact analysis of attacks using agentbased SCADA testbed. In ISGW 2017: Compendium of Technical Papers, Springer, Singapore; 2018. p. 41–54. https://doi.org/10.1007/978-981-10-8249-8_4

  • Stranahan J, Soni T, Heydari V. Supervisory control and data acquisition testbed vulnerabilities and attacks. SoutheastCon, Huntsville, AL, USA; 2019. p. 1–5. https:// doi.org/10.1109/SoutheastCon42311.2019.9020436

  • Stranahan J, Soni T, Heydari V. Supervisory control and data acquisition testbed for research and education. 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA; 2019. p. 85–9. https://doi.org/10.1109/CCWC.2019.8666482

  • Rosa L, Cruz T, Simões P, Monteiro E, Lev L. Attacking SCADA systems: A practical perspective. 2017 IFIP/ IEEE Symposium on Integrated Network and Service Management (IM), Lisbon; 2017. p. 741–6. https://doi. org/10.23919/INM.2017.7987369. PMid:28246669

  • Available from: www.gns3.com.

  • Available from: www.scilab.org.


Abstract Views: 299

PDF Views: 0




  • Hybrid SCADA Security Testbed as a Service

Abstract Views: 299  |  PDF Views: 0

Authors

Rajesh Kalluri
Center for Development of Advanced Computing (C-DAC), Knowledge Park, No 1, Old Madras Road, Byappanahalli, Bangalore – 560038, Karnataka, India
Reddi Hareesh
Center for Development of Advanced Computing (C-DAC), Knowledge Park, No 1, Old Madras Road, Byappanahalli, Bangalore – 560038, Karnataka, India
M. V. Yeshwanth
Center for Development of Advanced Computing (C-DAC), Knowledge Park, No 1, Old Madras Road, Byappanahalli, Bangalore – 560038, Karnataka, India
R. K. Senthil Kumar
Center for Development of Advanced Computing (C-DAC), Knowledge Park, No 1, Old Madras Road, Byappanahalli, Bangalore – 560038, Karnataka, India
B. S. Bindhumadhava
Center for Development of Advanced Computing (C-DAC), Knowledge Park, No 1, Old Madras Road, Byappanahalli, Bangalore – 560038, Karnataka, India

Abstract


Supervisory Control and Data Acquisition (SCADA) systems are deployed for control and management of critical infrastructures (power, oil, gas, water, etc.), industries (manufacturing, production, etc.) and public facilities (airport, ships, transport etc.). With the evolution of the technologies in communication, SCADA systems are connected to different networks using heterogeneous communication infrastructure. Thus, SCADA systems became vulnerable to threats of connected systems along with its legacy threats. A security assessment is required to understand the security posture of the system. However, it is not possible to simulate and analyze attacks on a real SCADA system. Hence, a testbed is needed to conduct any security assessment by modeling the architecture on the SCADA testbed. In this paper, we will discuss the need for testbeds, hybrid testbeds, how we established a hybrid testbed, simulation and impact analysis of attacks on the hybrid testbed and the process of providing the testbed as a service.

Keywords


Hybrid Testbed, SCADA Security, Simulation of Attacks, SPADE, Testbed, Testbed as a Service.

References





DOI: https://doi.org/10.33686/pwj.v16i2.155568