Water treatment and distribution simulation for a SCADA security testbed.

Supervisory Control and Data Acquisition (SCADA) systems are used in almost all industrial processes including use in the nation\u27s critical infrastructure. The electric, water, and gas industries are merely a few that rely heavily on the use of SCADA systems in order to provide reliable service to the public. Any disruption in these systems would lead to major issues in day to day life and could produce a hazardous environment until the services are restored. SCADA equipment was first implemented decades ago, and in some cases the equipment deployed at that time is still in use today. As network technology emerged and advanced over the last several years, SCADA systems were adapted in order to provide network access and control from remote locations. This led to vulnerabilities in limiting access to the system and provided a means for hackers, hactavist, and nation-states to gain control of critical infrastructure SCADA systems in order to cause both physical and economical damage. New technologies and research areas have emerged in an effort to thwart these possible intrusions and attacks. However, there is a need to have adequate means of testing new security devices since it would be impractical to test on a functioning SCADA system. This leads to the development of simulations and testbeds that can provide a low-cost, easily configurable means of testing new cyber security devices. A water treatment and distribution simulation was developed in order to provide this means of testing. The simulation encompasses two components. The first is a software simulation that provides virtualized components typically found in water systems such as pumps, valves, and water tanks. The second is a hardware component that provides an interface from the software to actual SCADA equipment such as remote terminal units and human machine interfaces. The simulation was tested with a prototype cyber security device to ensure functionality. Attacks were carried out on the SCADA system with and without the security device in place. The simulation allowed for both a virtualized and physical response to the attacks. The simulation provided a robust, cost-effective testbed for verifying the functionality of the security device