Rights statement: © ACM, 2019. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in PUBLICATION, {VOL#, ISS#, (DATE)} http://doi.acm.org/10.1145/nnnnnn.nnnnnn
Accepted author manuscript, 6.46 MB, PDF document
Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License
Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - Oops I Did it Again
T2 - 5th ACM Workshop on Cyber-Physical Systems Security and Privacy
AU - Gardiner, Joseph
AU - Craggs, Barnaby
AU - Green, Benjamin
AU - Rashid, Awais
N1 - Conference code: 5th
PY - 2019/11/30
Y1 - 2019/11/30
N2 - Research efforts in the security of Industrial Control Systems (ICS) have dramatically increased over the past few years. However, there is a limiting factor when work cannot be evaluated on real-world systems due to safety and operational reasons. This has led to multiple deployments of ICS testbeds covering multiple sectors including water treatment, power distribution and transportation networks.Over the last five years, we have designed and constructed ICS testbeds to support cyber security research. Our prior work in building testbeds culminated in a set of design principles and lessons learnt, formulated to support other researchers in designing and building their own ICS testbeds. In the last two years we have taken these lessons and used them to guide our own greenfield large-scale, complex and process-diverse security testbed affording a rare opportunity to design and build from the ground up – one in which we have been able to look back and validate those past lessons and principles.In this work we describe the process of building our new ICS and Industrial Internet of Things (IIoT) testbed, and give an overview of its architecture. We then reflect on our past lessons, and con- tribute five previously unrecognised additional lessons based on this experience.
AB - Research efforts in the security of Industrial Control Systems (ICS) have dramatically increased over the past few years. However, there is a limiting factor when work cannot be evaluated on real-world systems due to safety and operational reasons. This has led to multiple deployments of ICS testbeds covering multiple sectors including water treatment, power distribution and transportation networks.Over the last five years, we have designed and constructed ICS testbeds to support cyber security research. Our prior work in building testbeds culminated in a set of design principles and lessons learnt, formulated to support other researchers in designing and building their own ICS testbeds. In the last two years we have taken these lessons and used them to guide our own greenfield large-scale, complex and process-diverse security testbed affording a rare opportunity to design and build from the ground up – one in which we have been able to look back and validate those past lessons and principles.In this work we describe the process of building our new ICS and Industrial Internet of Things (IIoT) testbed, and give an overview of its architecture. We then reflect on our past lessons, and con- tribute five previously unrecognised additional lessons based on this experience.
U2 - 10.1145/3338499.3357355
DO - 10.1145/3338499.3357355
M3 - Conference contribution/Paper
SN - 9781450368315
SP - 75
EP - 86
BT - CPS-SPC'19 Proceedings of the ACM Workshop on Cyber-Physical Systems Security & Privacy
PB - ACM
CY - New York
Y2 - 11 November 2019 through 11 November 2019
ER -