The SUPPRESS research group (Supervision, Control and Automation) has launched the Critical Infrastructure Cybersecurity Research Laboratory (CIClab), granted and funded by the Secretariat of State for Research , Development and Innovation in resolutions of November 19, 2014 (PHASE I) and December 30, 2015 (PHASE II) (BOE of January 16, 2016) of the State Plan for Infrastructure and Scientific Equipment.
In this laboratory, vulnerabilities and attack techniques that may affect control and monitoring systems of critical infrastructures, as well as their communication protocols, are studied and analyzed. As a consequence of these actions, methods and / or procedures for prevention, detection and response to incidents that can be effective to ensure these critical systems are developed and evaluated. This is studied and analyzed in test environments that replicate the elements and structures available in real critical infrastructures of the industrial, buildings and electric power sectors.
In CICLAB, cybersecurity in critical infrastructures is investigated in four areas: industrial systems, electricity supply, building management and wireless sensor networks.
- The industrial subsystem has been designed in such a way that the different equipments that integrate it (PLCs, DCSs, RTUs, industrial PCs, I/O, distributed periphery, HMIs, etc.) are communicated using a wide variety of industrial protocols: Modbus TCP, Ethernet / IP, Profinet, Devicenet, Ethercat, etc.
- In the building management subsystem, a design has been chosen in which the greatest possible number of technologies related to the automation of buildings are present. In this sense, LonWorks, BACnet, KNX and Modbus networks have been configured, as well as wireless communications based on the ZigBee and EnOcean specifications.
- The electrical subsystem represents the structure of supervision and control corresponding to an electrical supply system. For this purpose, the supervisory and control architectures used in substations, transformation centers and end customers have been replicated. This architecture is based on communications networks under the IEC 60870-5-104, DNP3, PRIME standards.
- A network of autonomous wireless sensors communicated using the 802.11g protocol has been deployed in the wireless sensor subsystem. These sensors, located at different points inside the laboratory and outside the building, measure luminosity, atmospheric pressure, noise, amount of ozone, as well as percentage of carbon dioxide, carbon monoxide and nitrogen in the atmosphere.