Testbed Diversity as a Fundamental Principle for Effective ICS Security Research
نویسندگان
چکیده
The implementation of diversity in testbeds is essential to understanding and improving the security and resilience of Industrial Control Systems (ICS). Employing a wide spectrum of equipment, diverse networks, and business processes, as deployed in real-life infrastructures, is particularly difficult in experimental conditions. However, this level of diversity is key from a security perspective, as attackers can exploit system particularities and process intricacies to their advantage. This paper presents an ICS testbed with specific focus on infrastructure diversity, and end-to-end business process replication. These qualities are illustrated through a case study mapping data flow/processing, user interactions, and two example attack scenarios.
منابع مشابه
Pains, Gains and PLCs: Ten Lessons from Building an Industrial Control Systems Testbed for Security Research
Recent years have seen a number of cyber attacks targeting Industrial Control Systems (ICSs). Reports detailing the findings from such attacks vary in detail. Handson experimental research is, therefore, required to better understand and explore security challenges in ICSs. However, real-world production systems are often offlimits due to the potential impact such research could have on operati...
متن کاملA Cybersecurity Testbed for Industrial Control Systems
The National Institute of Standards and Technology (NIST) is developing a cybersecurity testbed for industrial control systems (ICS). The goal of this testbed is to measure the performance of an ICS when instrumented with cybersecurity protections in accordance with practices prescribed by prevailing standards and guidelines. This paper outlines the testbed design and lists research goals, use ...
متن کاملA Survey of Industrial Control System Testbeds
Conducting security tests such as vulnerability discovery within Industrial Control Systems (ICS) help reduce their vulnerability to cyber attacks. Unfortunately, the extreme availability requirements on ICS in operation make it difficult to conduct security tests in practice. For this reason, researchers and practitioners turn to testbeds that mimic real ICS. This study surveys ICS testbeds th...
متن کاملGamifying Education and Research on ICS Security: Design, Implementation and Results of S3
In this work, we consider challenges relating to security for Industrial Control Systems (ICS) in the context of ICS security education and research targeted both to academia and industry. We propose to address those challenges through gamified attack training and countermeasure evaluation. We tested our proposed ICS security gamification idea in the context of the (to the best of our knowledge...
متن کاملTowards Agile Industrial Control Systems Incident Response
The integration of Industrial Control Systems (ICS) with IT systems has increased the ICS’ exposure to cyber threats. We have seen a tremendous increase in the number of security incidents happened to ICS in the past five years. This requires the ICS to provide effective incident response capabilities to counteract security attacks. Previous research on ICS incident response has been focusing o...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2016