Hybrid SCADA Security Testbed as a Service

##plugins.themes.academic_pro.article.main##

Rajesh Kalluri
Reddi Hareesh
M. V. Yeshwanth
R. K. Senthil Kumar
B. S. Bindhumadhava

Abstract

Supervisory Control and Data Acquisition (SCADA) systems are deployed for control and management of critical infrastructures (power, oil, gas, water, etc.), industries (manufacturing, production, etc.) and public facilities (airport, ships, transport etc.). With the evolution of the technologies in communication, SCADA systems are connected to different networks using heterogeneous communication infrastructure. Thus, SCADA systems became vulnerable to threats of connected systems along with its legacy threats. A security assessment is required to understand the security posture of the system. However, it is not possible to simulate and analyze attacks on a real SCADA system. Hence, a testbed is needed to conduct any security assessment by modeling the architecture on the SCADA testbed. In this paper, we will discuss the need for testbeds, hybrid testbeds, how we established a hybrid testbed, simulation and impact analysis of attacks on the hybrid testbed and the process of providing the testbed as a service.

##plugins.themes.academic_pro.article.details##

How to Cite
Kalluri, R., Hareesh, R., Yeshwanth, M. V., Senthil Kumar, R. K., & Bindhumadhava, B. S. (2020). Hybrid SCADA Security Testbed as a Service. Power Research - A Journal of CPRI, 153–162. https://doi.org/10.33686/pwj.v16i2.155568

References

  1. Hemsley, Kevin E, Fisher E. History of industrial control system cyber incidents. No. INL/CON-18-44411-Rev002. Idaho National Lab. (INL), Idaho Falls, ID (United States); 2018.
  2. Abrams M, Weiss J. Malicious control system cyber security attack case study - Maroochy Water Services, Australia. Technical Report, Mitre.org.; 2008. p. 1–16.
  3. Babu B, et al. Security issues in SCADA based industrial control systems. 2017 2nd International Conference on Anti-Cyber Crimes (ICACC). IEEE; 2017. https:// doi.org/10.1109/Anti-Cybercrime.2017.7905261. PMid: 29199662. PMCid:PMC5750623
  4. Qassim Q, et al. A survey of SCADA testbed implementation approaches. Indian Journal of Science and Technology. 2017; 10(26).
  5. Hahn A, et al. Development of the PowerCyber SCADA security testbed. Proceedings of the sixth annual workshop on cyber security and information intelligence research; 2010. https://doi.org/10.1145/1852666.1852690
  6. Queiroz C, Mahmood A, Tari Z. SCADASim-A framework for building SCADA simulations. IEEE Transactions on Smart Grid. 2011; 2(4):589–97. https://doi.org/10.1109/ TSG.2011.2162432
  7. Daniels J. Server virtualization architecture and implementation. Crossroads. 2009; 16(1):8–12. https://doi. org/10.1145/1618588.1618592
  8. Reaves B, Morris T. An open virtual testbed for industrial control system security; 2012. https://doi.org/10.1007/ s10207-012-0164-7
  9. Mallouhi M, et al. A testbed for analyzing security of SCADA control systems (TASSCS). ISGT 2011. IEEE; 2011. https://doi.org/10.1109/ISGT.2011.5759169
  10. McLaughlin S, Konstantinou C, Wang X, Davi L, Sadeghi A, Maniatakos M, et al. The cybersecurity landscape in industrial control systems. Proceedings of the IEEE. 2016 May 5; 104:1039–57.
  11. Holm H, Karresand M, Vidström A, Westring E. A survey of industrial control system testbeds. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Buchegger S, Dam M, (Eds), Springer; 2015. 9417. https:// doi.org/10.1007/978-3-319-26502-5_2
  12. Amaraneni A, et al. Transient analysis of cyber-attacks on power SCADA using RTDS. Power Research. 2015; 11(1):79–92.
  13. Rao MS, Kalluri R, Kumar RKS, Prasad GLG, Bindhumadhava BS. Impact analysis of attacks using agentbased SCADA testbed. In ISGW 2017: Compendium of Technical Papers, Springer, Singapore; 2018. p. 41–54. https://doi.org/10.1007/978-981-10-8249-8_4
  14. Stranahan J, Soni T, Heydari V. Supervisory control and data acquisition testbed vulnerabilities and attacks. SoutheastCon, Huntsville, AL, USA; 2019. p. 1–5. https:// doi.org/10.1109/SoutheastCon42311.2019.9020436
  15. Stranahan J, Soni T, Heydari V. Supervisory control and data acquisition testbed for research and education. 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA; 2019. p. 85–9. https://doi.org/10.1109/CCWC.2019.8666482
  16. Rosa L, Cruz T, Simões P, Monteiro E, Lev L. Attacking SCADA systems: A practical perspective. 2017 IFIP/ IEEE Symposium on Integrated Network and Service Management (IM), Lisbon; 2017. p. 741–6. https://doi. org/10.23919/INM.2017.7987369. PMid:28246669
  17. Available from: www.gns3.com.
  18. Available from: www.scilab.org.

Most read articles by the same author(s)