Advertisement

Building India’s First Cyber-Security Test-Bed for CI

  • Rohit Negi
  • Sandeep Kumar ShuklaEmail author
Chapter
  • 14 Downloads
Part of the IITK Directions book series (IITKD, volume 4)

Abstract

Critical infrastructures such as power grid, water treatment plants, chemical plants, oil and gas refineries, transportation systems, etc., are examples of large-scale cyber-physical systems. In the recent years, there has been multitude of cyberattacks on such systems such as STUXNET attack in Iran, BlackEnergy malware and ransomware attacks on power distribution systems in Ukraine, and malware attacks on German Steel plant to mention a few. Critical infrastructure security is a major area of concern for all governments. In the United States, several laboratories such as Sandia National Lab, Idaho National Lab, and National Institutes of Standards have built critical infrastructure cyber-security experimentation test-beds. These test-beds are built with industry-scale equipment from various sectors of critical infrastructures to allow researchers to detect vulnerabilities in multitude of products that are used by utility companies in their systems and to research efficacy of their remediation techniques. These test-beds also allow utilities to bring in hardware and software products for hardware/software-in-the-loop testing for vulnerability detection or cyber-security product validation. In India, there has been no such test-bed for such research and validation activities. In the interdisciplinary center for cyber-security and cyber defense of critical infrastructures (C3i) at the Indian Institute of Technology Kanpur, we are building such a facility—a first in India. We already have built a lab-scale test-bed for power distribution automation and discovered a plethora of vulnerabilities in the architecture, protocols, and widely used products in our test-bed. In this article, we first describe the lab-scale test-bed to provide an insight into the utility of such a test-bed, and then we describe our ongoing development of industry-scale test-beds.

Keywords

Industrial critical systems Critical infrastructure Cyber-Security of Critical Infrastructure Cyber-Security of Cyber Physical Systems 

References

  1. 1.
    Abbas HA (2014) Future scada challenges and the promising solution: the agent-based scada. Int J Crit Infrastruct 10(3–4):307–333CrossRefGoogle Scholar
  2. 2.
    Igure VM, Laughter SA, Williams RD (2006) Security issues in scada networks. Comput Secur 25(7):498–506CrossRefGoogle Scholar
  3. 3.
    Alcaraz C, Fernandez G, Carvajal F (2012) Security aspects of scada and dcs environments. Critical infrastructure protection. Springer, Berlin, pp 120–149CrossRefGoogle Scholar
  4. 4.
    Ogie RI (2017) Cyber security incidents on critical infrastructure and industrial networks. In: Proceedings of the 9th international conference on computer and automation engineering. ACM, pp 254–258Google Scholar
  5. 5.
    Cryptocurrency attack on waste water site, USA. https://www.theregister.co.uk/2018/02/08/scada_hackers_cryptocurrencies/
  6. 6.
    Caldwell T (2018) Plugging it/ot vulnerabilities-part 1. Netw Secur 2018(8):9–14CrossRefGoogle Scholar
  7. 7.
  8. 8.
  9. 9.
    Crashoverride the malware that took down a power grid. https://www.wired.com/story/crash-override-malware/
  10. 10.
  11. 11.
  12. 12.
  13. 13.
  14. 14.
    Encrypted firmware in plcs by a ransomware affected Ukraine power grid. https://en.wikipedia.org/wiki/2017_cyberattacks_on_Ukraine
  15. 15.
  16. 16.
  17. 17.
  18. 18.
    America D, Cyber security in India: the nciipc road mapGoogle Scholar
  19. 19.
    On a European programme for critical infrastructure protection (2005) EC, Brussels 17Google Scholar
  20. 20.
    Center for the protection of national infrastructure, UK. https://www.cpni.gov.uk/
  21. 21.
    Dayal A, Deng Y, Tbaileh A, Shukla S (2015) Vscada: a reconfigurable virtual scada test-bed for simulating power utility control center operations. In: 2015 IEEE power & energy society general meeting. IEEE, pp 1–5Google Scholar
  22. 22.
    Idaho national laboratory. https://www.inl.gov
  23. 23.
    Sandia national laboratories. https://www.sandia.gov/
  24. 24.
    Prabhakar T, Balaji V, Revathy K (2018) Mookit-a mooc platform for developing countriesGoogle Scholar
  25. 25.
    Cyber security awareness week. https://security.cse.iitk.ac.in/node/523
  26. 26.
    Indian technical and economic cooperation programme (itec) ministry of external affairs, government of India. http://iitk.ac.in/oir/data/itec/Introduction-to-Cyber-Security.pdf
  27. 27.
    International society of automation. https://www.isa.org/
  28. 28.
    Mackiewicz RE (2006) Overview of IEC 61850 and benefits. In: 2006 IEEE PES Power systems conference and exposition, 2006. PSCE’06. IEEE, pp 623–630Google Scholar
  29. 29.
    Zhao Y, Shen ZJ (2003) Application of tcp/ip based iec60870-5-104 telecontrol protocol in power system [j]. Power Syst Technol 10:016Google Scholar
  30. 30.
    Huitsing P, Chandia R, Papa M, Shenoi S (2008) Attack taxonomies for the modbus protocols. Int J Crit Infrastruct Prot 1:37–44Google Scholar
  31. 31.
    Mills D et al. (1985) Network time protocol. Technical report, RFC 958, M/A-COM LinkabitGoogle Scholar
  32. 32.
  33. 33.
  34. 34.

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. 1.Indian Institute of Technology KanpurKanpurIndia

Personalised recommendations