Home > Research > Publications & Outputs > Pains, Gains and PLCs

Electronic data

Links

View graph of relations

Pains, Gains and PLCs: Ten Lessons from Building an Industrial Control Systems Testbed for Security Research

Research output: Contribution to conference - Without ISBN/ISSN Conference paperpeer-review

Published

Standard

Pains, Gains and PLCs : Ten Lessons from Building an Industrial Control Systems Testbed for Security Research. / Green, Benjamin; Le, Anh Tuan; Antrobus, Rob; Roedig, Utz; Hutchison, David; Rashid, Awais.

2017. Paper presented at The 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET ’17), Vancouver, BC, Canada.

Research output: Contribution to conference - Without ISBN/ISSN Conference paperpeer-review

Harvard

Green, B, Le, AT, Antrobus, R, Roedig, U, Hutchison, D & Rashid, A 2017, 'Pains, Gains and PLCs: Ten Lessons from Building an Industrial Control Systems Testbed for Security Research', Paper presented at The 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET ’17), Vancouver, BC, Canada, 14/08/17 - 14/08/17. <https://www.usenix.org/conference/cset17/workshop-program/presentation/green>

APA

Green, B., Le, A. T., Antrobus, R., Roedig, U., Hutchison, D., & Rashid, A. (2017). Pains, Gains and PLCs: Ten Lessons from Building an Industrial Control Systems Testbed for Security Research. Paper presented at The 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET ’17), Vancouver, BC, Canada. https://www.usenix.org/conference/cset17/workshop-program/presentation/green

Vancouver

Green B, Le AT, Antrobus R, Roedig U, Hutchison D, Rashid A. Pains, Gains and PLCs: Ten Lessons from Building an Industrial Control Systems Testbed for Security Research. 2017. Paper presented at The 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET ’17), Vancouver, BC, Canada.

Author

Green, Benjamin ; Le, Anh Tuan ; Antrobus, Rob ; Roedig, Utz ; Hutchison, David ; Rashid, Awais. / Pains, Gains and PLCs : Ten Lessons from Building an Industrial Control Systems Testbed for Security Research. Paper presented at The 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET ’17), Vancouver, BC, Canada.8 p.

Bibtex

@conference{44ef663a5e05413caa7aa8ea7056060e,
title = "Pains, Gains and PLCs: Ten Lessons from Building an Industrial Control Systems Testbed for Security Research",
abstract = "Recent years have seen a number of cyber attacks targeting Industrial Control Systems (ICSs). Reports detailing the findings from such attacks vary in detail. Hands-on experimental research is, therefore, required to better understand and explore security challenges in ICSs. However, real-world production systems are often off- limits due to the potential impact such research could have on operational processes and, in turn, safety. On the other hand, software-based simulations cannot always reflect all the potential device/system states due to over-simplified assumptions when modelling the hardware in question. As a result, laboratory-based ICS testbeds have become a key tool for research on ICS security. Development of such a testbed is a costly, labour- and time- intensive activity that must balance a range of design considerations, e.g., diversity of hardware and software platforms against scalability and complexity. Yet there is little coverage in existing literature on such design considerations, their implications and how to avoid typical pitfalls. Each group of researchers embarks on this journey from scratch, learning through a painful process of trial and error. In this paper we address this gap by reflecting on over 3 years of experience of building an extensive ICS testbed with a range of devices (e.g., PLCs, HMIs, RTUs) and software. We discuss the architecture of our testbed and reflect on our experience of addressing issues of diversity, scalability and complexity and design choices to manage trade-offs amongst these properties.",
author = "Benjamin Green and Le, {Anh Tuan} and Rob Antrobus and Utz Roedig and David Hutchison and Awais Rashid",
year = "2017",
month = aug,
day = "14",
language = "English",
note = "The 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET {\textquoteright}17) ; Conference date: 14-08-2017 Through 14-08-2017",

}

RIS

TY - CONF

T1 - Pains, Gains and PLCs

T2 - The 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET ’17)

AU - Green, Benjamin

AU - Le, Anh Tuan

AU - Antrobus, Rob

AU - Roedig, Utz

AU - Hutchison, David

AU - Rashid, Awais

PY - 2017/8/14

Y1 - 2017/8/14

N2 - Recent years have seen a number of cyber attacks targeting Industrial Control Systems (ICSs). Reports detailing the findings from such attacks vary in detail. Hands-on experimental research is, therefore, required to better understand and explore security challenges in ICSs. However, real-world production systems are often off- limits due to the potential impact such research could have on operational processes and, in turn, safety. On the other hand, software-based simulations cannot always reflect all the potential device/system states due to over-simplified assumptions when modelling the hardware in question. As a result, laboratory-based ICS testbeds have become a key tool for research on ICS security. Development of such a testbed is a costly, labour- and time- intensive activity that must balance a range of design considerations, e.g., diversity of hardware and software platforms against scalability and complexity. Yet there is little coverage in existing literature on such design considerations, their implications and how to avoid typical pitfalls. Each group of researchers embarks on this journey from scratch, learning through a painful process of trial and error. In this paper we address this gap by reflecting on over 3 years of experience of building an extensive ICS testbed with a range of devices (e.g., PLCs, HMIs, RTUs) and software. We discuss the architecture of our testbed and reflect on our experience of addressing issues of diversity, scalability and complexity and design choices to manage trade-offs amongst these properties.

AB - Recent years have seen a number of cyber attacks targeting Industrial Control Systems (ICSs). Reports detailing the findings from such attacks vary in detail. Hands-on experimental research is, therefore, required to better understand and explore security challenges in ICSs. However, real-world production systems are often off- limits due to the potential impact such research could have on operational processes and, in turn, safety. On the other hand, software-based simulations cannot always reflect all the potential device/system states due to over-simplified assumptions when modelling the hardware in question. As a result, laboratory-based ICS testbeds have become a key tool for research on ICS security. Development of such a testbed is a costly, labour- and time- intensive activity that must balance a range of design considerations, e.g., diversity of hardware and software platforms against scalability and complexity. Yet there is little coverage in existing literature on such design considerations, their implications and how to avoid typical pitfalls. Each group of researchers embarks on this journey from scratch, learning through a painful process of trial and error. In this paper we address this gap by reflecting on over 3 years of experience of building an extensive ICS testbed with a range of devices (e.g., PLCs, HMIs, RTUs) and software. We discuss the architecture of our testbed and reflect on our experience of addressing issues of diversity, scalability and complexity and design choices to manage trade-offs amongst these properties.

M3 - Conference paper

Y2 - 14 August 2017 through 14 August 2017

ER -