SCADA Sandbox Tests Real-World Impact Of Cyberattacks On Critical Infrastructure

Published: 22/11/2024   Category: security




New testbeds would help operators test software patches as well



SAN FRANCISCO -- RSA CONFERENCE 2013 – The oil and gas industry now has at its disposal a SCADA security test laboratory for testing just how their environments would hold up -- or not -- to today's attacks. The so-called Industrial Control System (ICS) Sandbox, based in Montreal, aims to simulate real-world effects of attacks on critical infrastructure to help power plants and other operators better lock down their environments.
Representatives from academia, the power industry, and the security vendor world have teamed up to offer the testbed environment to critical infrastructure operators in the U.S. and Canada, as well as Brazil, where a similar testbed is now under construction. The testbeds ultimately will be expanded to support other sectors of critical infrastructure.
"It's not only about how this machine got hacked and why it's not now available. It's what's the impact of that in the real world: Do I still get pressure? Do I still get electricity to these homes?" says Jose Fernandez, assistant professor of computer and software engineering at Ecole Polytechnique in Montreal, where the ICS Sandbox is located. "What happens in the real world [in an attack] is one of the gaps ... that is what we are trying to bridge with the test labs."
The ICS Sandbox, which was funded by the Natural Sciences and Engineering Research Council of Canada (NSERC), went operational last year and includes some 100 machines, including servers, workstations, PLCs, sensors, electrical simulators, and commercial SCADA software. The testbed currently provides two training courses and will be expanded to support real-life test scenarios for operators who use it.
Canada's national energy infrastructure agency is building a prototype of the ICS Sandbox, and the Brazilian government is funding its own ICS Sandbox, as well, modeled after the Canadian one.
Fernandez says the ICS Sandbox blends IT and SCADA systems with malware and attacks, and simulates the physics of that combination on the power grid systems. "If [malware ultimately] cut this switch voltage on that particular sensor, it's going to change by this much .... now 10,000 of your customers are out of electricity: That's your impact."
The researchers behind the testbed say it's not Stuxnet that worries most critical infrastructure operators, but rather the everyday malware and bot infections that regularly threaten and infect SCADA systems, and just what impact that malware would have on power generation, for example. And the rollout of smart grid technology could exacerbate those risks, they say.
"The vast majority [of cyberthreats] in operational environments is just malware ... but in a very sensitive environment. A spam bot may cause a lot of collateral damage, for example, even though it wasn't meant to take down a system," says Tiago Alves de Jesus, a researcher with Carlton University's infrastructure resilience research group. "When the bot tries to send spam or send traffic, it may cause infrastructure problems."
But unlike in a traditional IT environment where you can just clean it up, patch, and reboot, SCADA environments can't recover that way, he says.
The ICS Sandbox can also be used to test out patches to SCADA products, its developers say.
Patching is a major conundrum in the SCADA space. Overall, only about 10 to 20 percent of organizations today actually install patches that their SCADA vendors are releasing, mainly because utilities and ICS organizations face risks of power shutdowns if a newly patched system goes awry.
[Industrial control systems vendors are starting to patch security bugs, but actually installing the fixes can invite more trouble. See The SCADA Patch Problem.]
Doug Powell, manager of SMI security, privacy, and safety for Canadian utility company BC Hydro, says operators need to see what their threat environments really look like. He says his company has its own internal test labs and hopes to share its data with the ICS Sandbox project.
"Ultimately, we're talking about risk management," says Powell, who spoke on a panel with Fernandez, Alves de Jesus, and representatives from security vendors TISafe and Modulo, who are involved with the ICS Sandbox project. "That's really a compliance discussion. Are we meeting compliance?"
Marcelo Branquinho, executive director for TiSafe, and Sergio Thompson-Flores from Modulo, say their firms have collaborated on a GRC tool for the SCADA world. Energy companies in Brazil are implementing it. "It's a tool that's managing risk and compliance in a SCADA environment," Branquinho says.
"What keeps us up at night is we haven't caught up in security in SCADA systems today," Ecole Polytechnique's Fernandez says. And with smarter infrastructure and increasing threats, things are going to get worse, he says.
It's not all about Stuxnet, but the cyberweapon indeed was a turning point for SCADA operators. "Stuxnet taught us that there's a new player out there with new capabilities, new intentions. It taught us that there's malware out in the world that can be adapted, and it doesn't take a nation-state to adapt malware," BC Hydro's Powell says. "It tells us where we have to stand, what we have to worry about and to do. As an operator, I want the capability to detect a threat actor, know what doors I've left open, and what [threat] vectors are built into the system."
