irfan ahmed - ieeesites.ieee.org/neworleans/files/2017/03/uno-icss-scada-testbed... · irfan ahmed...

Post on 05-Nov-2018


Irfan Ahmed

Assistant Professor

Department of Computer Science

University of New Orleans


• An ICS Testbed at UNO

• Research & Pedagogy

• Assistant Professor of Computer Science at the University of New Orleans

• Research Areas
  – Digital Forensics
  – Industrial Control Systems (ICS)
  – Security via Virtualization

• Cybersecurity Education

• cs.uno.edu/~irfan

• A control system is a device or set of devices that regulates the behavior of other devices or systems
  – Input → typically sensors
  – Output → actuators to control other devices

[Figure: Control System Component, with Input (Stimulus) and Output (Response)]

• A thermostat is a simple control system that
  – senses the temperature, and
  – turns a heater on or off to maintain the temperature at a set point

[Figure: thermostat example; labels: Room Temperature, Turn on/off]

• ICS are typically used to automate industrial processes
  – e.g., power generation and water filtering

• Conveyor belt example
  – Programmable Logic Controller (PLC)
  – Proximity sensor
  – Servo drive

• SCADA → Supervisory Control and Data Acquisition
  – SCADA systems are highly distributed
  – They provide centralized data acquisition, monitoring, and control in real time

[Figure: SCADA diagram; labels: Control Center, HMI, Historian, Ethernet Switch, Field Site 1, Field Site 2, Field Site 3, Power Distribution, Gas Pipeline, Wastewater Treatment, PLC (three), EtherNet/IP, Modbus, PROFINET]

• Cyber attacks and vulnerabilities
  – Cyber attacks on the testbed vs. similar ICS systems in industry
  – The small-scale physical model puts limitations
    – does not offer a large set of parameters and variables from the physical process
  – Limited data for network traffic analysis
  – Limited number of PLCs and ICS protocol support

• Research prototype evaluation
  – Testing on the testbed enforces the constraints of a typical ICS system
    – 24/7 availability requirement of ICS services
    – Resource-constrained embedded devices
    – Interaction of cyber and physical worlds
    – ICS communication protocols

• Difficult to add security functionalities in PLCs
  – Proprietary firmware/OS
  – Limited tools/techniques to access and modify firmware/OS code in PLCs

• Useful for digital forensic research
  – Tools and techniques to extract and analyze digital artifacts from
    – HMI and other ICS services
    – PLCs
    – ICS network traffic

• Demonstration of physical processes

• Varied programming software support
  – PLCs of three vendors, each using different programming software
    – Schneider Electric - SoMachine Basic
    – Allen-Bradley - Studio 5000
    – Siemens - SIMATIC STEP 7

• Varied ICS protocol support
  – EtherNet/IP
  – Modbus
  – PROFINET

• Topics
  – Introduction to industrial control systems (ICS)
  – PLC programming
  – ICS network protocols
  – ICS vulnerabilities and cyber attacks
  – ICS security solutions

• Hands-on
  – PLC: Allen-Bradley’s Micrologix 1400 B
  – Program PLC to control Traffic Lights
  – Implement man-in-the-middle attack

• PLC Vendors
  – GE, Mitsubishi, Allen Bradley, Omron, WAGO, Siemens, Automation Direct, and Schneider

• PLCs
  – Micro820, ControlLogix, 1214 TIA, CJ1M, and Fanuc 90/30

• Protocols
  – CC Link, PROFINET, DNP3, Modbus, EtherNet/IP, PCCC, BAC, FL-Net, MC, FINS, and CJ2

• No fieldbus I/O support

• No connectivity with the cloud

• No IoT appliances in the testbed
  – So-called industrial internet of things

Irfan Ahmed

irfan@cs.uno.edu

504-280-4409

Contact me
