RECREATING WIDE AREA INDUSTRIAL CONTROL SYSTEMS NETWORK WITHIN AN EMULATED ENVIRONMENT
Abstract
The integration of Information Technology (IT) and Industrial Control Systems (ICS) has made the monitoring and remote control of ICSs inexpensive and reliable. However, the lack of cybersecurity protection of field devices when IT was incorporated into ICS systems has allowed for malware attacks, such as Stuxnet, the Ukraine attacks, the intrusion in the European Network of Transmission System Operators (ENTSO) in 2020, and the Colonial Pipeline ransomware attack in 2021. Fortunately, today most ICS infrastructure stakeholders are re-evaluating the security posture of their cyber-physical networks. To help researchers find better solutions to a wide range of cyberattacks, this work introduces a novel approach that can recreate a communication network topology for a large-scale power system model. Several use cases were developed to show the effect a man-in-the-middle (MiTM) attack can impose on a grid when Distributed Network Protocol version 3 (DNP3) telemetry is changed. With these use cases, the Cyber Physical Resilient Energy Systems (CyPRES) research team devised a new mechanism that uses data from network monitoring tools and intrusion detection systems (IDS) to detect such attacks. In addition, a software pipeline between NP-View and the Common Open Research Emulator (CORE) is proposed that can recreate larger-scale ICS networks in an emulated environment for use in research.
Subject
Power Grid
Cyber-Physical Systems
Testbed
Validation
Emulation
Cybersecurity
MiTM
Networking
Citation
Wlazlo, Patrick J (2021). RECREATING WIDE AREA INDUSTRIAL CONTROL SYSTEMS NETWORK WITHIN AN EMULATED ENVIRONMENT. Master's thesis, Texas A&M University. Available electronically from https://hdl.handle.net/1969.1/196455.