SCADA-SST: A SCADA security testbed

Asem Ghaleb; Sami Zhioua; Ahmad Almulhem

doi:10.1109/WCICSS.2016.7882610

SCADA-SST: A SCADA security testbed

Asem Ghaleb, Sami Zhioua, Ahmad Almulhem

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

14 Scopus citations

Abstract

The number of reported cybersecurity incidents on SCADA (Supervisory Control and Data Acquisition) systems increased significantly in the past few years. One contributing factor is the fact that security testing of live SCADA systems is not practical as such systems are expected to be operational 24/7. Also and most importantly, conducting live security testing on these types of systems is generally costly. A practical and cost-effective solution is to carry out security testing on a simulated version of the physical setting. The main contribution of this paper is to present a SCADA simulation environment (SCADA-SST) suitable for security testing. The simulation environment is generic, easy to setup (comes with a detailed manual), and supports hybrid architectures (involving simulated as well as physical components). We show how SCADA-SST can be used to simulate two realistic settings, namely, Water distribution and Electrical power grid. Finally, for the sake of security testing example, we show how SCADASST can be used to assess the resilience of common SCADA nodes to DOS attacks.

Original language	English
Title of host publication	2016 World Congress on Industrial Control Systems Security, WCICSS 2016
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	34-39
Number of pages	6
ISBN (Electronic)	9781908320636
DOIs	https://doi.org/10.1109/WCICSS.2016.7882610
State	Published - 20 Mar 2017

Publication series

Name	2016 World Congress on Industrial Control Systems Security, WCICSS 2016

Bibliographical note

Funding Information:
This research was supported by The National Science, Technology and Innovation Plan (NSTIP) grant, NSTIP 13-INF281-04 at King Fahd University of Petroleum and Minerals.

Publisher Copyright:
© 2016 IEEE.

Keywords

Industrial Control Systems
Network attacks
SCADA
Security testing
Simulation

ASJC Scopus subject areas

Control and Systems Engineering
Control and Optimization
Artificial Intelligence
Computer Networks and Communications
Industrial and Manufacturing Engineering
Safety, Risk, Reliability and Quality

Access to Document

10.1109/WCICSS.2016.7882610

Cite this

@inproceedings{2746fc827d194aa9a1cb9990d658a1d1,

title = "SCADA-SST: A SCADA security testbed",

abstract = "The number of reported cybersecurity incidents on SCADA (Supervisory Control and Data Acquisition) systems increased significantly in the past few years. One contributing factor is the fact that security testing of live SCADA systems is not practical as such systems are expected to be operational 24/7. Also and most importantly, conducting live security testing on these types of systems is generally costly. A practical and cost-effective solution is to carry out security testing on a simulated version of the physical setting. The main contribution of this paper is to present a SCADA simulation environment (SCADA-SST) suitable for security testing. The simulation environment is generic, easy to setup (comes with a detailed manual), and supports hybrid architectures (involving simulated as well as physical components). We show how SCADA-SST can be used to simulate two realistic settings, namely, Water distribution and Electrical power grid. Finally, for the sake of security testing example, we show how SCADASST can be used to assess the resilience of common SCADA nodes to DOS attacks.",

keywords = "Industrial Control Systems, Network attacks, SCADA, Security testing, Simulation",

author = "Asem Ghaleb and Sami Zhioua and Ahmad Almulhem",

note = "Funding Information: This research was supported by The National Science, Technology and Innovation Plan (NSTIP) grant, NSTIP 13-INF281-04 at King Fahd University of Petroleum and Minerals. Publisher Copyright: {\textcopyright} 2016 IEEE.",

year = "2017",

month = mar,

day = "20",

doi = "10.1109/WCICSS.2016.7882610",

language = "English",

series = "2016 World Congress on Industrial Control Systems Security, WCICSS 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "34--39",

booktitle = "2016 World Congress on Industrial Control Systems Security, WCICSS 2016",

address = "United States",

}

SCADA-SST: A SCADA security testbed. / Ghaleb, Asem; Zhioua, Sami; Almulhem, Ahmad.
2016 World Congress on Industrial Control Systems Security, WCICSS 2016. Institute of Electrical and Electronics Engineers Inc., 2017. p. 34-39 7882610 (2016 World Congress on Industrial Control Systems Security, WCICSS 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - SCADA-SST

T2 - A SCADA security testbed

AU - Ghaleb, Asem

AU - Zhioua, Sami

AU - Almulhem, Ahmad

N1 - Funding Information: This research was supported by The National Science, Technology and Innovation Plan (NSTIP) grant, NSTIP 13-INF281-04 at King Fahd University of Petroleum and Minerals. Publisher Copyright: © 2016 IEEE.

PY - 2017/3/20

Y1 - 2017/3/20

N2 - The number of reported cybersecurity incidents on SCADA (Supervisory Control and Data Acquisition) systems increased significantly in the past few years. One contributing factor is the fact that security testing of live SCADA systems is not practical as such systems are expected to be operational 24/7. Also and most importantly, conducting live security testing on these types of systems is generally costly. A practical and cost-effective solution is to carry out security testing on a simulated version of the physical setting. The main contribution of this paper is to present a SCADA simulation environment (SCADA-SST) suitable for security testing. The simulation environment is generic, easy to setup (comes with a detailed manual), and supports hybrid architectures (involving simulated as well as physical components). We show how SCADA-SST can be used to simulate two realistic settings, namely, Water distribution and Electrical power grid. Finally, for the sake of security testing example, we show how SCADASST can be used to assess the resilience of common SCADA nodes to DOS attacks.

AB - The number of reported cybersecurity incidents on SCADA (Supervisory Control and Data Acquisition) systems increased significantly in the past few years. One contributing factor is the fact that security testing of live SCADA systems is not practical as such systems are expected to be operational 24/7. Also and most importantly, conducting live security testing on these types of systems is generally costly. A practical and cost-effective solution is to carry out security testing on a simulated version of the physical setting. The main contribution of this paper is to present a SCADA simulation environment (SCADA-SST) suitable for security testing. The simulation environment is generic, easy to setup (comes with a detailed manual), and supports hybrid architectures (involving simulated as well as physical components). We show how SCADA-SST can be used to simulate two realistic settings, namely, Water distribution and Electrical power grid. Finally, for the sake of security testing example, we show how SCADASST can be used to assess the resilience of common SCADA nodes to DOS attacks.

KW - Industrial Control Systems

KW - Network attacks

KW - SCADA

KW - Security testing

KW - Simulation

UR - http://www.scopus.com/inward/record.url?scp=85018425744&partnerID=8YFLogxK

U2 - 10.1109/WCICSS.2016.7882610

DO - 10.1109/WCICSS.2016.7882610

M3 - Conference contribution

AN - SCOPUS:85018425744

T3 - 2016 World Congress on Industrial Control Systems Security, WCICSS 2016

SP - 34

EP - 39

BT - 2016 World Congress on Industrial Control Systems Security, WCICSS 2016

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

SCADA-SST: A SCADA security testbed

Abstract

Publication series

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this