Advertisement

An Open and Flexible CyberSecurity Training Laboratory in IT/OT Infrastructures

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11981)

Abstract

There are significant concerns regarding the lack of proficient cybersecurity professionals with a background in both Information Technology (IT) and Operational Technology (OT). To alleviate this problem, we propose an open and flexible laboratory for experimenting with an IT/OT infrastructure and the related cybersecurity problems, such as emulating attacks and understanding how they work and how they could be identified and mitigated. We also report our experience in using the laboratory during a one-week training event with 24 students from 7 different high-schools at the mechatronics prototyping facility ProM in Rovereto (Italy).

Keywords

Education CyberSecurity Laboratory Operational Technology Information Technology 

References

  1. 1.
    Galadima, A.A.: Arduino as a learning tool. In: 2014 11th International Conference on Electronics, Computer and Computation (ICECCO), September 2014.  https://doi.org/10.1109/ICECCO.2014.6997577
  2. 2.
    Banks, A., Briggs, E., Borgendale, K., Gupta, R.: MQTT Version 5, March 2019. https://docs.oasis-open.org/mqtt/mqtt/v5.0/mqtt-v5.0.pdf
  3. 3.
    Banks, A., Gupta, R.: MQTT Version 3.1.1, December 2015. http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/mqtt-v3.1.1.pdf
  4. 4.
    Hu, Y., Yang, A., Li, H., Sun, Y., Sun, L.: A survey of intrusion detection on industrial control systems. Int. J. Distrib. Sens. Netw. 14(8) (2018).  https://doi.org/10.1177/1550147718794615CrossRefGoogle Scholar
  5. 5.
    Information Systems Audit and Control Association: State of cybersecurity 2018. Survey, ISACA, October 2017. https://cybersecurity.isaca.org/csx-resources/state-of-cybersecurity-2018
  6. 6.
    Information Systems Audit and Control Association: State of cybersecurity 2019. Survey, ISACA, November 2018. https://www.isaca.org/info/state-of-cybersecurity-2019/index.html
  7. 7.
    Kaspersky Lab ICS CERT: Industrial CTF. https://ics-cert.kaspersky.com/tag/industrial-ctf/. Accessed 30 June 2019
  8. 8.
    Lundgren, L., Hindocha, N.: Light Weight Protocol: Critical Implications. https://www.youtube.com/watch?v=o7qDVZr0t2c. Accessed 30 June 2019
  9. 9.
    Modbus-IDA: MODBUS TCP/IP Implementation Guide, October 2006. http://www.modbus.org/docs/Modbus_Messaging_Implementation_Guide_V1_0b.pdf
  10. 10.
    Palmieri, A., Prem, P., Ranise, S., Morelli, U., Ahmad, T.: MQTTSA: a tool for automatically assisting the secure deployments of MQTT brokers. In: 2019 IEEE World Congress on Services (SERVICES), vol. 2642–939X, pp. 47–53, July 2019.  https://doi.org/10.1109/SERVICES.2019.00023
  11. 11.
    Ponemon Institute LLC: 2018 Cost of Insider Threats: Global. https://www.observeit.com/ponemon-report-cost-of-insider-threats
  12. 12.
    Spanish National Cybesecurity Institute: Protocols and Network Security in ICS Infrastructure, February 2017. https://www.incibe-cert.es/sites/default/files/contenidos/guias/doc/incibe_protocol_net_security_ics.pdf
  13. 13.
    Yassein, M.B., Shatnawi, M.Q., Aljwarneh, S., Al-Hatmi, R.: Internet of Things: survey and open issues of MQTT protocol. In: 2017 International Conference on Engineering MIS (ICEMIS), pp. 1–6, May 2017.  https://doi.org/10.1109/ICEMIS.2017.8273112

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Security & Trust, Fondazione Bruno KesslerTrentoItaly

Personalised recommendations