Creating a European SCADA Security Testbed

  • Henrik Christiansson
  • Eric Luiijf
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 253)

Supervisory control and data acquisition (SCADA) systems are commonly used to monitor and control critical infrastructure assets. However, over the past two decades, they have evolved from closed, proprietary systems to open networks comprising commodity platforms running common operating systems and TCP/IP stacks. The open architecture and increased connectivity provide more functionality and reduce costs, but they significantly increase the vulnerabilities and the exposure to threats. Since SCADA systems and the critical infrastructure assets they control must have 24/7 availability, it is imperative to understand and manage the risk. This paper makes the case for a European SCADA security testbed that can be used to analyze vulnerabilities, threats and the impact of attacks, ultimately helping design new architectures and robust security solutions. The paper also discusses testbed requirements, deployment strategies and potential hurdles.

Keywords: SCADA systems, risk assessment, security testbed





Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Henrik Christiansson (1)
  • Eric Luiijf (2)
  1. Swedish Defence Research Agency, Sweden
  2. Hague Centre for Strategic Studies and TNO Defence, Security and Safety, Netherlands
