ICS Cybersecurity

The SUPPRESS research group has developed a demonstrator model for research and education on cybersecurity of industrial control systems. This model has been implemented as a control cabinet that emulates the three lower levels of the automation pyramid (field, control and supervision) as well as the communications among them.

Thus, we can obtain a comprehensive view of the automation pyramid and of the network architectures that can be established in the control system, addressing the traditional lack of educational equipment in this field. Apart from industrial devices (PLC, HMI display, variable frequency drive, etc.), the cabinet includes network elements (a router, a switch and a firewall with deep packet inspection). Additionally, there is a set of virtual machines with the usual software available in engineering and monitoring workstations of an industrial control system (SCADA, PLC programming platform, etc.) or security-related software (for filtering and protection, vulnerability assessment, penetration testing, etc.).

Remote connection to the demonstrator model is possible through restricted access to a remote desktop manager, which enables access to a specific virtual machine through remote desktop while blocking any outbound traffic, isolating the test environment. The selected network architecture and the use of virtualization provide the flexibility, isolation and easy maintenance required for frequent use of the platform. Therefore, we provide a flexible environment for local and remote experimentation that can be equally useful for students with an IT background or for students with an automation-oriented profile. With the demonstrator model, students can perform hands-on tasks on secure configuration of industrial devices, network traffic analysis, reconnaissance and vulnerability assessment, and configuration of security filters, as well as take different roles in the control system, from either a control or a security perspective.