Applications of simulation in the evaluation of SCADA and ICS security
Date
2020
Authors
Reutimann, Brandt R., author
Ray, Indrakshi, advisor
Gersch, Joseph, advisor
Young, Peter, committee member
Journal Title
Journal ISSN
Volume Title
Abstract
Power grids, gas pipelines, and manufacturing centers provide an interesting challenge for cybersecurity research. Known as supervisory control and data acquisition systems (SCADA), they can be very large in scale and consist of hundreds to thousands of physical controllers. These controllers can operate simple feedback loops or manage critical safety systems. Following from this, cyber-attacks on these controllers can be extremely dangerous and can threaten the distribution of electricity or the transmission of natural gas that powers electrical plants. Since SCADA systems operate such critical infrastructure, it's important that they are safe from cyber-attacks. However, studying cyber-attacks on live systems is nearly impossible because of the proprietary nature of the systems, and because a test gone wrong can cause substantial irreversible damage. As a result, this thesis focuses on an approach to studying SCADA systems using simulation. The work of this thesis describes considerations for developing accurate and useful simulations as well as concerns for cyber vulnerabilities in industrial control environments. We describe a rough architecture for how SCADA simulators can be designed as well as dive into the design of the SCADA simulator built for research at Colorado State University. Finally, we explore the impact of falsified sensor readings (measurement attacks) on the safety of the natural gas pipeline using simulation. Our results show that a successful measurement attack on a gas system requires a sophisticated plan of attack as well as the ability to sustain such an attack for a long period of time. The results of this work show that a gas system reacts slower than would be expected of a typical electrical system.
Description
Rights Access
Subject
gas pipelines
SCADA
cybersecurity
simulation
industrial control systems