2 research outputs found
LICSTER -- A Low-cost ICS Security Testbed for Education and Research
Unnoticed by most people, Industrial Control Systems (ICSs) control entire
productions and critical infrastructures such as water distribution, smart grid
and automotive manufacturing. Due to the ongoing digitalization, these systems
are becoming more and more connected in order to enable remote control and
monitoring. However, this shift bears significant risks, namely a larger attack
surface, which can be exploited by attackers. In order to make these systems
more secure, it takes research, which is, however, difficult to conduct on
productive systems, since these often have to operate twenty-four-seven.
Testbeds are mostly very expensive or based on simulation with no real-world
physical process. In this paper, we introduce LICSTER, an open-source low-cost
ICS testbed, which enables researchers and students to get hands-on experience
with industrial security for about 500 Euro. We provide all necessary material
to quickly start ICS hacking, with the focus on low-cost and open-source for
education and research.
Increasing the Visibility of IEC Communication in the Smart Grid
Energy systems like smart grids are part of critical infrastructure, and their interruption or blackout may have fatal consequences for energy production, distribution, and eventually the lives of individual people. In order to secure communication in Industrial Control Systems (ICS) and detect cyber attacks on smart grids, we need to increase the visibility of ICS communication so that an operator can see what commands are sent between ICS devices. Security monitoring of ICS transmission requires (i) retrieving monitoring data from ICS packets, (ii) processing and analyzing the extracted data, and (iii) visualizing the passing communication to the operator. The proposed work presents a concept of an ICS flow monitoring system that extracts metadata from ICS packet headers and creates ICS flow records similarly to a NetFlow/IPFIX system. ICS flows represent communication in the smart grid network that is further visualized using a dashboard and communication charts. Unlike the traditional monitoring approach that works with network and transport layer data only, we extend flow monitoring to the application layer with a focus on ICS protocols. The proposed approach is demonstrated on monitoring IEC 60870-5-104 communication.