ABSTRACT
Cyber-physical systems are being increasingly employed in everyday applications, including critical ones. This integration of operational technology systems, originally designed to operate in physical isolation -hence with no or little cyber security defences- with information technology systems, by default meant to be networked, dramatically increases the cyber-attack surface of the resulting composite systems. Thus, the assessment of the security posture of cyber-physical systems, as well as the evaluation of the effectiveness and efficiency of the defensive mechanisms become of paramount importance. Unfortunately, testing cyber security in live real-world cyber-physical systems is not advisable, even when it is possible; hence, the use of testbeds is a necessary alternative. This work surveys cyber-physical testbeds in five major application domains, with an eye towards identifying key features to be subsequently used as input to the process of defining requirements for future cyber-physical testbeds with cyber security posture assessment capability. We then propose a reference architecture for the next generation of cyber ranges, namely the cyber-physical ranges.
- Chuadhry Mujeeb Ahmed, Venkata Reddy Palleti, and Aditya P Mathur. 2017. WADI: A water distribution testbed for research in the design of secure cyber physical systems. In Proceedings of the 3rd International Workshop on Cyber- Physical Systems for Smart Water Networks. ACM, 25--28. Google ScholarDigital Library
- Irfan Ahmed, Vassil Roussev, William Johnson, Saranyan Senthivel, and Sneha Sudhakaran. 2016. A SCADA system testbed for cybersecurity and forensic research and pedagogy. In Proceedings of the 2nd Annual Industrial Control System Security Workshop. ACM, 1--9. Google ScholarDigital Library
- Al Balushi T. Nadir Z. Hussain O.K. Ali, S. 2018. Cyber Security for Cyber Physical Systems. Google ScholarDigital Library
- Magnus Almgren, Peter Andersson, Gunnar Björkman, Mathias Ekstedt, Jonas Hallberg, Simin Nadjm-Tehrani, and Erik Westring. 2018. RICS-el: Building a National Testbed for Research and Training on SCADA Security (Short Paper). In International Conference on Critical Information Infrastructures Security. Springer, 219--225.Google Scholar
- M. A. Crossman and. 2015. Study of authentication with IoT testbed. In 2015 IEEE International Symposium on Technologies for Homeland Security (HST). 1--7.Google ScholarCross Ref
- Tofino Security Appliance. {n. d.}. Protect your SCADA and Industrial Control Systems Against Network Problems and Cyber ThreatsGoogle Scholar
- Aditya Ashok, Sujatha Krishnaswamy, and Manimaran Govindarasu. 2016. PowerCyber: A remotely accessible testbed for Cyber Physical security of the Smart Grid. In Innovative Smart Grid Technologies Conference (ISGT), 2016 IEEE Power & Energy Society. IEEE, 1--5.Google ScholarCross Ref
- Yared Berhanu, Habtamu Abie, and Mohamed Hamdi. 2013. A Testbed for Adaptive Security for IoT in eHealth. In Proceedings of the International Workshop on Adaptive Security (ASPI '13). ACM, New York, NY, USA, Article 5, 8 pages. Google ScholarDigital Library
- Richard Candell, Keith Stouffer, and Dhananjay Anand. 2014. A cybersecurity testbed for industrial control systems. In Proceedings of the 2014 Process Control and Safety Symposium.Google Scholar
- Wang Chunlei, Fang Lan, and Dai Yiqi. 2010. A Simulation Environment for SCADA Security Analysis and Assessment. 342 -- 347. Google ScholarDigital Library
- Mehmet Hazar Cintuglu, Osama A Mohammed, Kemal Akkaya, and A Selcuk Uluagac. 2017. A Survey on Smart Grid Cyber-Physical System Testbeds. IEEE Communications Surveys and Tutorials 19, 1 (2017), 446--464.Google ScholarCross Ref
- Edward JM Colbert and Alexander Kott. 2016. Cyber-security of SCADA and other industrial control systems. Vol. 66. Springer. Google ScholarDigital Library
- Jon Davis and Shane Magrath. 2013. A survey of cyber ranges and testbeds. Technical Report. DEFENCE SCIENCE AND TECHNOLOGY ORGANISATION EDINBURGH (AUSTRALIA).Google Scholar
- A. Dembovskis. 2012. Testbed for performance evaluation of SAT-AIS receivers. In 2012 6th Advanced Satellite Multimedia Systems Conference (ASMS) and 12th Signal Processing for Space Communications Workshop (SPSC). 253--257.Google ScholarCross Ref
- N. H. Desso. 2014. Designing a Machinery Control System (MCS) Security testbed, Thesis.Google Scholar
- ENISA. {n. d.}. Critical Infrastructures and Services.Google Scholar
- Igor Nai Fovino, Marcelo Masera, Luca Guidi, and Giorgio Carpi. 2010. An experimental platform for assessing SCADA vulnerabilities and countermeasures in power plants. In Human System Interactions (HSI), 2010 3rd Conference on. IEEE, 679--686.Google ScholarCross Ref
- Mengmeng Ge, Jin B. Hong, Walter Guttmann, and Dong Seong Kim. 2017. A framework for automating security analysis of the internet of things. Journal of Network and Computer Applications 83 (2017), 12 -- 27. Google ScholarDigital Library
- A. Ghaleb, S. Zhioua, and A. Almulhem. 2016. SCADA-SST: a SCADA security testbed. In 2016 World Congress on Industrial Control Systems Security (WCICSS). 1--6.Google Scholar
- Jairo Giraldo, Esha Sarkar, Alvaro A Cardenas, Michail Maniatakos, and Murat Kantarcioglu. 2017. Security and privacy in cyber-physical systems: A survey of surveys. IEEE Design & Test 34, 4 (2017), 7--17.Google ScholarCross Ref
- DNV GL. 2015. Ship connectivity. https://doi.org/PositionpaperGoogle Scholar
- Benjamin Green, Anhtuan Lee, Rob Antrobus, Utz Roedig, David Hutchison, and Awais Rashid. 2017. Pains, gains and PLCs: ten lessons from building an industrial control systems testbed for security research. In 10th {USENIX } Workshop on Google ScholarDigital Library
- Emrah Korkmaz, Andrey Dolgikh, Matthew Davis, and Victor Skormin. 2016. ICS security testbed with delay attack case study. In Military Communications Conference, MILCOM 2016--2016 IEEE. IEEE, 283--288.Google ScholarCross Ref
- Emrah Korkmaz, Andrey Dolgikh, Matthew Davis, and Victor Skormin. 2016. Industrial Control Systems Security Testbed.Google Scholar
- Georgia Koutsandria, Reinhard Gentz, Mahdi Jamei, Anna Scaglione, Sean Peisert, and Chuck McParland. 2015. A real-time testbed environment for cyber-physical security on the power grid. In Proceedings of the First ACM Workshop on Cyber- Physical Systems-Security and/or PrivaCy. ACM, 67--78. Google ScholarDigital Library
- H. Lin, A. Slagell, Z. T. Kalbarczyk, P. W. Sauer, and R. K. Iyer. 2018. Runtime Semantic Security Analysis to Detect and Mitigate Control-Related Attacks in Power Grids. IEEE Transactions on Smart Grid 9, 1 (Jan 2018), 163--178.Google ScholarCross Ref
- Ren Liu, Ceeman Vellaithurai, Saugata S Biswas, Thoshitha T Gamage, and Anurag K Srivastava. 2015. Analyzing the cyber-physical impact of cyber events on the power grid. IEEE Transactions on Smart Grid 6, 5 (2015), 2444--2453.Google ScholarCross Ref
- Guylaine M. Pollock, William Dee Atkins, Moses Schwartz, Adrian R. Chavez, Jorge Mario Urrea, Nicholas Pattengale, Michael James McDonald, Regis H. Cas- sidy, Ronald D. Halbgewachs, Bryan T. Richardson, and John C. Mulder. 2010. Modeling and simulation for cyber-physical system security research, develop- ment and applications. (01 2010).Google Scholar
- Aditya P Mathur and Nils Ole Tippenhauer. 2016. SWaT: A water treatment testbed for research and training on ICS security. In Cyber-physical Systems for Smart Water Networks (CySWater), 2016 International Workshop on. IEEE, 31--36.Google ScholarCross Ref
- Estefanía Etchevés Miciolino, Giuseppe Bernieri, Federica Pascucci, and Roberto Setola. 2015. Communications network analysis in a SCADA system testbed under cyber-attacks. In Telecommunications Forum Telfor (TELFOR), 2015 23rd. IEEE, 341--344.Google Scholar
- Thomas Morris, Anurag Srivastava, Bradley Reaves, Wei Gao, Kalyan Pavurapu, and Ram Reddi. 2011. A control system testbed to validate critical infrastructure protection concepts. International Journal of Critical Infrastructure Protection 4 (08 2011), 88--103.Google Scholar
- Thomas Morris, Anurag Srivastava, Bradley Reaves, Wei Gao, Kalyan Pavurapu, and Ram Reddi. 2011. A control system testbed to validate critical infrastructure protection concepts. International Journal of Critical Infrastructure Protection 4, 2 (2011), 88--103.Google ScholarCross Ref
- Igor Nai Fovino, Andrea Carcano, Marcelo Masera, and Alberto Trombetta. 2009. An experimental investigation of malware attacks on SCADA systems. International Journal of Critical Infrastructure Protection 2 (12 2009), 139--145.Google Scholar
- Cuong Nguyen. 2018. NIST Smart Grid and CPS Newsletter-December 2017. (2018).Google Scholar
- NIST. 2010. Cyber Ranges. https://www.nist.gov/sites/default/files/documents/ 2018/02/13/cyber_ranges.pdf. Cyber Security Experimentation and Test ( CSET 17).Google Scholar
- Prageeth Gunathilaka, Daisuke Mashima, and Binbin Chen. 2016. Softgrid: AGoogle ScholarDigital Library
- NIST. 2012. Guide for Conducting Risk Assessments - INFORMATION SECURITY.Google Scholar
- US Department of Defense. 20Reference Architecture Descrip- software-based smart grid testbed for evaluating substation cybersecurity solu- tions. In Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy. ACM, 113--124. Google ScholarDigital Library
- Wes Hardaker, Darrell Kindred, Ron Ostrenga, Dan Sterne, and Roshan Thomas. 2002. Justification and requirements for a national DDoS defense technology evaluation facility. Network Associates Laboratories Report (2002), 02--052.Google Scholar
- Hannes Holm, Martin Karresand, Arne Vidström, and Erik Westring. 2015. A survey of industrial control system testbeds. In Secure IT Systems. Springer, 11--26.Google Scholar
- Junho Hong, Ying Chen, Chen-Ching Liu, and Manimaran Govindarasu. 2015. Cyber-physical security testbed for substations in a power grid. In Cyber Physical Systems Approach to Smart Electric Power Grid. Springer, 261--301.Google Scholar
- William Hurst, Nathan Shone, Abdennour El Rhalibi, Andreas Happe, Ben Kotze, and Bob Duncan. 2017. Advancing the Micro-CI Testbed for IoT Cyber-Security Research and Education. In Eighth International Conference on Cloud Computing, GRIDs, and Virtualization, Carlos Becker Westphall, Yong Woo Lee, Bob Duncan, Aspen Olmsted, Michael Vassilakopoulos, Costas Lambrinoudakis, Sokratis K. Katsikas, and Raimund Ege (Eds.). IARIA, 129--134.Google Scholar
- William Hurst, Nathan Shone, Qi Shi, and Behnam Bazli. 2016. MICRO-CI: A Testbed for Cyber-Security Research. In EMERGING 2016: The Eighth International Conference on Emerging Networks and Systems Intelligence. IARIA XPS Press, 17-- 22.Google Scholar
- Sungmo Jung, Jae-Gu Song, and Seoksoo Kim. 2008. Design on SCADA test- bed and security device. International Journal of Multimedia and Ubiquitous Engineering 3 (11 2008).Google Scholar
- Georgios Kavallieratos, Sokratis Katsikas, and Vasileios Gkioulos. 2019. Cyber- Attacks Against the Autonomous Ship. In Computer Security. Springer Interna- tional Publishing, Cham, 20--36.Google Scholar
- Siddhartha Kumar Khaitan and James D McCalley. 2015. Design techniques and applications of cyberphysical systems: A survey. IEEE Systems Journal 9, 2 (2015), 350--365. tion.https://dodcio.defense.gov/Portals/0/Documents/DIEA/Ref_Archi_ Description_Final_v1_18Jun10.pdfGoogle ScholarCross Ref
- Shiva Poudel, Zhen Ni, and Naresh Malla. 2017. Real-time cyber physical system testbed for power system security and control. International Journal of Electrical Power & Energy Systems 90 (2017), 124--133.Google ScholarCross Ref
- Ishaani Priyadarshini. 2018. Features and Architecture of The Modern Cyber Range: A Qualitative Analysis and Survey. Ph.D. Dissertation.Google Scholar
- Qais Qassim, Norziana Jamil, Izham Zainal Abidin, Mohd Ezanee Rusli, Salman Yussof, Roslan Ismail, Fairuz Abdullah, Norhamadi Ja'afar, Hafizah Che Hasan, and Maslina Daud. 2017. A Survey of SCADA Testbed Implementation Ap- proaches. Indian Journal of Science and Technology 10, 26 (2017).Google ScholarCross Ref
- Carlos Queiroz, Abdun Mahmood, and Zahir Tari. 2011. SCADASim a framework for building SCADA simulations. IEEE Trans. Smart Grid 2 (12 2011), 589--597.Google Scholar
- Bradley Reaves and Thomas Morris. 2012. An open virtual testbed for industrial control system security research. International Journal of Information Security 11, 4 (2012), 215--229. Google ScholarDigital Library
- Luis Sanchez, Luis Munoz, Jose Antonio Galache, Pablo Sotres, Juan R. San- tana, Veronica Gutierrez, Rajiv Ramdhany, Alex Gluhak, Srdjan Krco, Evan- gelos Theodoridis, and Dennis Pfisterer. 2014. SmartSantander: IoT experi- mentation over a smart city testbed. Computer Networks 61 (2014), 217 -- 238. Special issue on Future Internet Testbeds Part I.Google ScholarDigital Library
- Christos Siaterlis and Genge Bela. 2014. Cyber-Physical Testbeds. Commun. ACM 57 (06 2014), 64--73. Google ScholarDigital Library
- Shachar Siboni, Vinay Sachidananda, Asaf Shabtai, and Yuval Elovici. 2016. Se- curity Testbed for the Internet of Things. (10 2016).Google Scholar
- Ahnaf Siddiqi, Nils Ole Tippenhauer, Daisuke Mashima, and Binbin Chen. 2018. On practical threat scenario testing in an electric power ICS testbed. In Proceedings of the 4th ACM Workshop on Cyber-Physical System Security. ACM, 15--21. Google ScholarDigital Library
- Prateek Singh, Saurabh Garg, Vinod Kumar, and Zia Saquib. 2015. A testbed for SCADA cyber security and intrusion detection. In Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on. IEEE, 1--6.Google Scholar
- Kimberly Tam and Kevin Jones. 2018. Cyber-Risk Assessment for Autonomous Ships.Google Scholar
- Eniye Tebekaemi and Duminda Wijesekera. 2016. Designing an IEC 61850 based power distribution substation simulation/emulation testbed for cyber-physical security studies. In Proceedings of the First International Conference on Cyber- Technologies and Cyber-Systems. 41--49.Google Scholar
- A. Tekeoglu and A. S. Tosun. 2016. A Testbed for Security and Privacy Analysis of IoT Devices. In 2016 IEEE 13th International Conference on Mobile Ad Hoc and Sensor Systems (MASS). 343--348.Google Scholar
- Abebe Tesfahun and Lalitha Bhaskari. 2016. A SCADA testbed for inves- tigating cyber security vulnerabilities in critical infrastructures. Automatic Control and Computer Sciences 50 (01 2016), 54--62.Google Scholar
- Jan Vykopal, Radek Oleek, Pavel eleda, Martin Vizvary, and Daniel Tovar?ák. 2017. Kypo cyber range: Design and use cases. (2017).Google Scholar
- Evangelia Xypolytou, Joachim Fabini, Wolfgang Gawlik, and Tanja Zseby. 2017. The FUSE testbed: establishing a microgrid for smart grid security experiments. e & i Elektrotechnik und Informationstechnik 134, 1 (2017), 30--35.Google Scholar
- X. Zheng, L. Pan, H. Chen, R. D. Pietro, and L. Batten. 2017. A Testbed for Security Analysis of Modern Vehicle Systems. In 2017 IEEE Trustcom/BigDataSE/ICESS. 1090--1095.Google Scholar
Recommendations
Towards Independent In-Cloud Evolution of Cyber-Physical Systems
CPSNA '14: Proceedings of the 2014 IEEE International Conference on Cyber-Physical Systems, Networks, and ApplicationsThe capabilities of Cyber-Physical Systems (CPSs) are increasingly being extended towards new composite services deployed across a range of smart sensing and controlling devices. These services enable the emergence of multiple end-to-end cyber-physical ...
Cyber-physical systems security: Limitations, issues and future trends
AbstractTypically, Cyber-Physical Systems (CPS) involve various interconnected systems, which can monitor and manipulate real objects and processes. They are closely related to Internet of Things (IoT) systems, except that CPS focuses on the ...
Cyber-physical attack graphs (CPAGs): Composable and scalable attack graphs for cyber-physical systems
AbstractAttack graphs are a fundamental security tool focused on depicting how multi-stage attacks can be carried out through a network to compromise specific assets and systems. While attack graphs have been widely utilised in the IT cyber domain, their ...
Comments