A laboratory for cyber-attack generation and testing in Industrial Control Systems: Design and Simulation


Abstract

Industrial control systems (ICSs) are used widely throughout the world to control large, complex industrial plants. An ICS comprises the entire control setup, including sensors, PLCs (Programmable Logic Controllers), actuators and communication devices. Communication between these ICS devices uses industrial protocols such as Modbus and EtherCAT. With the growing use of the internet, ICSs are being enabled to share real-time information worldwide. While this makes an ICS more accessible for remote supervisory control, it also makes it vulnerable to cyber-attacks, so investigating the risks and impacts of cyber-attacks on ICSs has become urgent. Generating, injecting and testing cyber-attacks on a real-world ICS that controls critical infrastructure involves financial risk and safety issues. This gives rise to the need for an ICS testbed on which cyber-attacks can be injected and tested in a safe and secure environment. A testbed is a cheaper alternative for testing the impact of cyber-attacks and offers more flexibility to simulate multiple industrial scenarios; together, these are the core reasons for requiring an ICS testbed. Because real-world ICSs are costly and specialised for industrial use, few research laboratories around the world have a testbed available for studying cyber-attacks. Therefore, this Master of Science thesis, through its primary research question, investigates whether a cyber-attack testbed can be built in the NERD lab at the Delft University of Technology that replicates a real-world ICS network and can be used to identify and test the vulnerabilities of Modbus-based ICSs to cyber-attacks. To answer this question, this report studies the vulnerabilities of ICSs working with the Modbus protocol.
A novel design for an ICS testbed for generating and testing cyber-attacks at the NERD Lab in TU Delft is presented in this thesis. The proposed testbed uses real-world ICS components, such as a PLC and an HMI, combined with a plant simulator that simulates an industrial process. The testbed uses a Linux-based attack PC to generate and inject various cyber-attacks. A virtualization platform connects the attack PC to the ICS network, giving the flexibility to inject attacks on the testbed without the attacker being physically present at the plant site. By using real-world ICS components, the testbed therefore replicates a typical ICS scenario found in industry. Further, a simulated version of the actual testbed, built from open-source software that mimics the ICS systems, has been developed in this report. This simulated version provides a cheaper and more flexible platform for initial testing of the testbed's operation and checks the feasibility of the actual testbed. It simulates a plant, controller and HMI in Matlab/Simulink on different physical PCs, which communicate using the Modbus protocol. An attack PC with a virtualization environment, the same as that to be used in the proposed testbed at the Delft University of Technology, has been used to launch cyber-attacks on the simulated testbed. Two main types of cyber-attack, namely Man-In-The-Middle (MITM) and Denial-of-Service (DoS), have been successfully implemented on this simulated testbed. To conclude this thesis, advanced versions of these attacks have also been developed and their impacts analysed.
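The abstract names Modbus as the protocol between the simulated HMI, controller and plant, and MITM and DoS as the injected attacks. As an added example (not the thesis's own code), the following Python decodes Modbus/TCP request frames and applies two defender-side checks a testbed monitor could run: a state-changing write from any host other than the HMI, and a per-source request rate above a threshold. The HMI address 10.0.0.10, the rogue address 10.0.0.99, the rate threshold and the sample frames are all constructed assumptions.

```python
import struct
from collections import Counter

# Modbus function codes that modify PLC state (per the Modbus application protocol).
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 22, 23}
# Constructed assumption: only the HMI is allowed to write to the PLC.
ALLOWED_WRITERS = {"10.0.0.10"}
MAX_REQUESTS_PER_SECOND = 100  # constructed DoS threshold per source host

def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode the MBAP header and PDU of a single Modbus/TCP request."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    if length != len(frame) - 6:  # length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    return {"tid": tid, "unit": unit, "fc": frame[7], "data": frame[8:]}

def inspect(records):
    """records: iterable of (timestamp_s, src_ip, frame). Returns a list of alerts."""
    alerts = []
    per_second = Counter()
    for ts, src, frame in records:
        try:
            pdu = parse_modbus_tcp(frame)
        except ValueError as err:
            alerts.append((src, f"malformed: {err}"))
            continue
        if pdu["fc"] in WRITE_FUNCTION_CODES and src not in ALLOWED_WRITERS:
            alerts.append((src, f"write fc={pdu['fc']} from unauthorised host"))
        per_second[(src, int(ts))] += 1
        if per_second[(src, int(ts))] == MAX_REQUESTS_PER_SECOND + 1:  # alert once
            alerts.append((src, "request rate exceeds threshold"))
    return alerts

def build_request(tid, unit, fc, data: bytes) -> bytes:
    """Encode a Modbus/TCP request (used here only to construct sample traffic)."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample traffic: HMI write, HMI read, injected write, then a read flood.
SAMPLE = [
    (0.0, "10.0.0.10", build_request(1, 1, 6, struct.pack(">HH", 0x0010, 1))),
    (0.1, "10.0.0.10", build_request(2, 1, 3, struct.pack(">HH", 0x0000, 10))),
    (0.2, "10.0.0.99", build_request(3, 1, 6, struct.pack(">HH", 0x0010, 0))),
] + [(1.0 + i * 0.001, "10.0.0.99", build_request(10 + i, 1, 3, struct.pack(">HH", 0, 1)))
     for i in range(150)]
```

Running `inspect(SAMPLE)` yields one unauthorised-write alert and one rate alert, both for 10.0.0.99.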