Source: “Cyber Range for Industrial Control Systems (CR‐ICS) for Simulating Attack Scenarios”, 7 April 2021, Paper,


Cyberattacks targeting industrial control systems (ICS) pose a particularly serious threat due to their potential to cause not only physical damage but also cascading disruptions to the supply of critical services (such as water, electricity, or gas). One way to address these threats is through training in a cyber range. Such training can bolster defensive capabilities by increasing cross-domain knowledge between IT and OT teams about real-world industrial processes and equipment on the one hand and attacker tactics, techniques, and procedures (TTPs) and cyber defense tools on the other hand.

To that end, this paper presents the development of a Cyber Range for ICS (CR-ICS) that is based on a real-time attacker-defender gameplay model in conjunction with dynamic simulation models of typical industrial systems. As a proof of concept, we present an industrial gas turbine as one use case of an archetypal industrial system.

In addition to the architecture of the range and the building of the simulation model, this paper also provides a demonstration of a sample training exercise.


Recent events, such as the attack on a Florida town’s water treatment facility [1], have reignited fears about the vulnerability of our critical infrastructure to cyberattacks. Although this particular attack on the water treatment facility failed to cause any significant damage due to its early detection by an on-call operator, the attack serves as a wake-up call about the gravity and urgency of preparing for such threats.

The potential for physical damage by remote manipulation of industrial control systems (ICS) is not a new phenomenon; in fact, as early as the year 2000, the remote attack on the Maroochy Shire sewage plant demonstrated the vulnerability of modern industrial systems and the destructive capability of such attacks.

However, for the most part, industrial systems (power grids, gas and water distribution plants, subway systems, etc.) have been considered relatively safe from cyberattacks because they have traditionally been segregated from the public internet, i.e., air-gapped.

With the advances in technology and connectivity, the infusion of the Industrial Internet of Things (IIoT), and the integration of industrial control systems with management dashboards and other IT systems, the traditional air-gapped protections are no longer sufficient to provide adequate threat management. Not only that, but the functions that were previously performed by simple, easy-to-understand electro-mechanical components are now almost entirely implemented in software – hidden behind hundreds of millions of lines of code.

The result has been an explosion in the complexity of ICS, with many components interacting in many indirect ways. This increase in complexity has significantly expanded the ICS attack surface and has made it extremely difficult to analyze these systems for vulnerabilities, trustworthiness, and mission assurance.
