A practical SCADA testbed in electrical power system environment for cyber-security exercises

Norziana Jamil, Qais Qassim, Maslina Daud, Izham Zainal Abidin, Norhamadi Jaaffar, Wan Azlan Wan Kamarulzaman

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The impact from Stuxnet worm to SCADA systems in 2010 has been one of the most significant signals of a well-coordinated cyber-Attack is now towards disrupting national critical infrastructures such as power grid governed by SCADA system. The discovery of this worm has put a lot of attention on the strength and security level of security countermeasures of existing critical infrastructure systems such as SCADA that has been long used as a legacy system. One way to assess the strength and security level of a system is through penetration testing and vulnerability assessment that would help in determining weaknesses, loopholes and potential breaches for exploitation in system defences. However, performing a real penetration test and vulnerability assessment in a real critical infrastructure system is infeasible and unlikely to happen because an unintended consequence that might occur can propagate its effect to a wider scale. On the other hand, a replicated system is also infeasible due to the high cost and huge effort required. Therefore, developing a realistic SCADA testbed is the best available option for the cyber-security exercise to take place. This paper describes in-detail a scalable and reconfigurable SCADA testbed for cyber-security analysis.

Original languageEnglish
Title of host publicationProceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018
EditorsGoi Bok Min, Mohamad Rushdan Md. Said, Hailiza Kamarulhaili, Heng Swee Huay, Moesfa Soeheila Mohamad, Muhammad Rezal Kamel Ariffin
PublisherInstitute for Mathematical Research (INSPEM)
Pages176-188
Number of pages13
ISBN (Print)9789834406967
Publication statusPublished - 01 Jan 2018
Event6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018 - Port Dickson, Negeri Sembilan, Malaysia
Duration: 09 Jul 201811 Jul 2018

Publication series

NameProceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018

Other

Other6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018
CountryMalaysia
CityPort Dickson, Negeri Sembilan
Period09/07/1811/07/18

Fingerprint

Critical infrastructures
Testbeds
SCADA systems
Legacy systems
Testing
Costs

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Information Systems

Cite this

Jamil, N., Qassim, Q., Daud, M., Zainal Abidin, I., Jaaffar, N., & Kamarulzaman, W. A. W. (2018). A practical SCADA testbed in electrical power system environment for cyber-security exercises. In G. B. Min, M. R. M. Said, H. Kamarulhaili, H. S. Huay, M. S. Mohamad, & M. R. K. Ariffin (Eds.), Proceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018 (pp. 176-188). (Proceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018). Institute for Mathematical Research (INSPEM).
Jamil, Norziana ; Qassim, Qais ; Daud, Maslina ; Zainal Abidin, Izham ; Jaaffar, Norhamadi ; Kamarulzaman, Wan Azlan Wan. / A practical SCADA testbed in electrical power system environment for cyber-security exercises. Proceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018. editor / Goi Bok Min ; Mohamad Rushdan Md. Said ; Hailiza Kamarulhaili ; Heng Swee Huay ; Moesfa Soeheila Mohamad ; Muhammad Rezal Kamel Ariffin. Institute for Mathematical Research (INSPEM), 2018. pp. 176-188 (Proceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018).
@inproceedings{2096488f34b8494987313c7524646c67,
title = "A practical SCADA testbed in electrical power system environment for cyber-security exercises",
abstract = "The impact from Stuxnet worm to SCADA systems in 2010 has been one of the most significant signals of a well-coordinated cyber-Attack is now towards disrupting national critical infrastructures such as power grid governed by SCADA system. The discovery of this worm has put a lot of attention on the strength and security level of security countermeasures of existing critical infrastructure systems such as SCADA that has been long used as a legacy system. One way to assess the strength and security level of a system is through penetration testing and vulnerability assessment that would help in determining weaknesses, loopholes and potential breaches for exploitation in system defences. However, performing a real penetration test and vulnerability assessment in a real critical infrastructure system is infeasible and unlikely to happen because an unintended consequence that might occur can propagate its effect to a wider scale. On the other hand, a replicated system is also infeasible due to the high cost and huge effort required. Therefore, developing a realistic SCADA testbed is the best available option for the cyber-security exercise to take place. This paper describes in-detail a scalable and reconfigurable SCADA testbed for cyber-security analysis.",
author = "Norziana Jamil and Qais Qassim and Maslina Daud and {Zainal Abidin}, Izham and Norhamadi Jaaffar and Kamarulzaman, {Wan Azlan Wan}",
year = "2018",
month = "1",
day = "1",
language = "English",
isbn = "9789834406967",
series = "Proceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018",
publisher = "Institute for Mathematical Research (INSPEM)",
pages = "176--188",
editor = "Min, {Goi Bok} and Said, {Mohamad Rushdan Md.} and Hailiza Kamarulhaili and Huay, {Heng Swee} and Mohamad, {Moesfa Soeheila} and Ariffin, {Muhammad Rezal Kamel}",
booktitle = "Proceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018",

}

Jamil, N, Qassim, Q, Daud, M, Zainal Abidin, I, Jaaffar, N & Kamarulzaman, WAW 2018, A practical SCADA testbed in electrical power system environment for cyber-security exercises. in GB Min, MRM Said, H Kamarulhaili, HS Huay, MS Mohamad & MRK Ariffin (eds), Proceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018. Proceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018, Institute for Mathematical Research (INSPEM), pp. 176-188, 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018, Port Dickson, Negeri Sembilan, Malaysia, 09/07/18.

A practical SCADA testbed in electrical power system environment for cyber-security exercises. / Jamil, Norziana; Qassim, Qais; Daud, Maslina; Zainal Abidin, Izham; Jaaffar, Norhamadi; Kamarulzaman, Wan Azlan Wan.

Proceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018. ed. / Goi Bok Min; Mohamad Rushdan Md. Said; Hailiza Kamarulhaili; Heng Swee Huay; Moesfa Soeheila Mohamad; Muhammad Rezal Kamel Ariffin. Institute for Mathematical Research (INSPEM), 2018. p. 176-188 (Proceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - A practical SCADA testbed in electrical power system environment for cyber-security exercises

AU - Jamil, Norziana

AU - Qassim, Qais

AU - Daud, Maslina

AU - Zainal Abidin, Izham

AU - Jaaffar, Norhamadi

AU - Kamarulzaman, Wan Azlan Wan

PY - 2018/1/1

Y1 - 2018/1/1

N2 - The impact from Stuxnet worm to SCADA systems in 2010 has been one of the most significant signals of a well-coordinated cyber-Attack is now towards disrupting national critical infrastructures such as power grid governed by SCADA system. The discovery of this worm has put a lot of attention on the strength and security level of security countermeasures of existing critical infrastructure systems such as SCADA that has been long used as a legacy system. One way to assess the strength and security level of a system is through penetration testing and vulnerability assessment that would help in determining weaknesses, loopholes and potential breaches for exploitation in system defences. However, performing a real penetration test and vulnerability assessment in a real critical infrastructure system is infeasible and unlikely to happen because an unintended consequence that might occur can propagate its effect to a wider scale. On the other hand, a replicated system is also infeasible due to the high cost and huge effort required. Therefore, developing a realistic SCADA testbed is the best available option for the cyber-security exercise to take place. This paper describes in-detail a scalable and reconfigurable SCADA testbed for cyber-security analysis.

AB - The impact from Stuxnet worm to SCADA systems in 2010 has been one of the most significant signals of a well-coordinated cyber-Attack is now towards disrupting national critical infrastructures such as power grid governed by SCADA system. The discovery of this worm has put a lot of attention on the strength and security level of security countermeasures of existing critical infrastructure systems such as SCADA that has been long used as a legacy system. One way to assess the strength and security level of a system is through penetration testing and vulnerability assessment that would help in determining weaknesses, loopholes and potential breaches for exploitation in system defences. However, performing a real penetration test and vulnerability assessment in a real critical infrastructure system is infeasible and unlikely to happen because an unintended consequence that might occur can propagate its effect to a wider scale. On the other hand, a replicated system is also infeasible due to the high cost and huge effort required. Therefore, developing a realistic SCADA testbed is the best available option for the cyber-security exercise to take place. This paper describes in-detail a scalable and reconfigurable SCADA testbed for cyber-security analysis.

UR - http://www.scopus.com/inward/record.url?scp=85054529092&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85054529092&partnerID=8YFLogxK

M3 - Conference contribution

SN - 9789834406967

T3 - Proceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018

SP - 176

EP - 188

BT - Proceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018

A2 - Min, Goi Bok

A2 - Said, Mohamad Rushdan Md.

A2 - Kamarulhaili, Hailiza

A2 - Huay, Heng Swee

A2 - Mohamad, Moesfa Soeheila

A2 - Ariffin, Muhammad Rezal Kamel

PB - Institute for Mathematical Research (INSPEM)

ER -

Jamil N, Qassim Q, Daud M, Zainal Abidin I, Jaaffar N, Kamarulzaman WAW. A practical SCADA testbed in electrical power system environment for cyber-security exercises. In Min GB, Said MRM, Kamarulhaili H, Huay HS, Mohamad MS, Ariffin MRK, editors, Proceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018. Institute for Mathematical Research (INSPEM). 2018. p. 176-188. (Proceedings of the 6th International Cryptology and Information Security Conference 2018, CRYPTOLOGY 2018).