An Open-Source Testbed to Visualise ICS Cybersecurity Weaknesses and Remediation Strategies – A Research Agenda Proposal

Abstract

Industrial Control Systems (ICS) are responsible for the control of several processes in various critical infrastructure deployments ranging from energy, power and water utilities, to manufacturing sectors such as pharmaceutical precision engineering. They ensure the smooth, safe running and High Availability of these critical infrastructure and manufacturing processes. ICS cybersecurity is of increasing concern and this is evidenced by the mounting examples of cyber threats and attacks on ICS infrastructure that are referenced both within the technical community and the public media. The barriers of entry to ICS cybersecurity are still high given the limited skills base, expensive and proprietary hardware and software, as well as the inherent dangers of manipulating real physical processes. This greatly inhibits the practical application of cybersecurity tools in ICS environments and therefore the opportunity for practitioners to gain valuable experience. Furthermore, historical ICS testbeds have not delivered a practical application of accessing and improving ICS security posture as poisited in known ICS industry standards. This project seeks to build a comprehensive opensource virtualised ICS testbed to demonstrate typical cybersecurity weaknesses in an ICS environment as well as suitable remediation strategies. This testbed shall simulate real world industrial systems as closely as possible without replicating an entire plant. This research will identify a suitable ICS testbed to visualise the stages of an ICS cyber attack with reference to the ICS cyber kill chain proposed by the SysAdmin, Audit, Network and Security Institute. With the selected ICS testbed as a reference, this project shall also demonstrate an ICS cybersecurity evaluation based on the US National Institute of Standards and Technology cybersecurity framework, detailing how defenders can identify vulnerable components in the ICS, identify potential threat vectors within the environment and develop suitable mitigations to improve the organisations overall security posture. This project contributes to growing ICS cybersecurity skills to better protect industrial processes and critical infrastructure.