A Truly Portable SCADA Security Simulator

It has been almost 25 years since I first started working in the industrial network field and 15 years since I first focused on SCADA and ICS security.  From the start, I have been amazed at how difficult it is to get people to see the whole picture.

For example, control engineers know what a PLC or control loop is, but constantly underestimate the impacts that cyber threats have on their industrial processes.  IT professionals understand the risks, but often don’t understand the processes and components.

Even if you understand both, getting your hands on an industrial system for testing, development or training has been close to impossible.  Assembling all the PLC, I/O, process and HMI components is expensive. Developing a realistic scenario (beyond some flashing lights) is amazingly time consuming.

The first SCADA security simulator, at BCIT in 2002. It was very effective, but not portable!

 

While I was a researcher at BCIT1, I was very lucky when it came to realistic test environments.

My research team, partnering with Jim Armstrong’s outstanding instrumentation group, assembled some pretty impressive industrial and network architectures which we could attack (and defend) at our leisure.

Unfortunately, this set-up was far from portable!  Unless someone actually travelled to BCIT, it was pretty useless as a shared educational or testing tool.

The Quests for a Portable SCADA Security Simulator

About five years ago, I decided I had to have a portable simulator I could take to my security talks.  The device I had in mind had to meet these requirements:

  1. It could be set up and completely explained to anyone, regardless of their technical background, in less than five minutes.
  2. It realistically represented an industrial process.
  3. It was small enough to be carried onto airplanes as hand luggage.
  4. It could get past airport security screening tests.

Once we built the first simulator, we quickly found that it was also handy in our lab as a development and testing tool. For example, when we were developing the Tofino Modbus Enforcer Firewall, we used the simulator to test the impact that the firewall might have on the operation of a real control loop (the impact is so little as to be undetectable, by the way).

The design evolved over the years and we progressively added features like zero-day attacks, smaller carrying cases and a more realistic process control system. When people saw the unit at shows, they asked if we could build them one too.  At first we built a few, but it quickly got out of control.  To date we have built over 50 of the units for other researchers, security companies, government labs and company training facilities.

The Tofino SCADA Security Simulator

Our demo unit has become so popular that we have decided to offer it as a new product that we are releasing today.

Called the Tofino SCADA Security Simulator (TSSS), it is now a complete control system in a box including:

  • A simulated gas compressor system on a demo panel
  • A widely deployed PLC with 18 digital I/O (expandable)
  • A cyber attack via USB key or specially infected PDF document
  • A Tofino Security Appliance, complete with all the optional loadable security modules
  • A netbook computer with HMI software and the Tofino Central Management Platform
  • Simple step-by-step instructions so anyone can demonstrate SCADA / ICS operations, security risks and security solutions

 Eric Byres demonstrating the Tofino SCADA Security Simulator for SC Magazine at the AusCERT conference (May, 2011)

Full Disclosure: since this is our own product you know I am biased about it.  However, I hope you will read on to learn what Joel Langill, a respected SCADA security consultant has to say about it, plus some final thoughts from me.

Joel Langill, SCADAHacker.com, on the Tofino SCADA Security Simulator

Joel has been using the TSSS for six months. Here are his remarks on it:

"Despite the recent events around SCADA security including Stuxnet's destructive attack on a production process, and the vulnerabilities that have recently been disclosed on major control equipment, cyber security is still something foreign to many of those involved in the manufacturing sector. The Tofino SCADA Security Simulator allows me to effectively demonstrate a cyber attack on a process, and how the Tofino Security Appliance (TSA) can easily be implemented to stop these attacks."

"You can only be so effective when trying to explain cyber security to someone using a deck of PowerPoint slides.  When you shift the discussion to an actual demonstration showing both an attack and a successful mitigation to an attack, people find it much easier to understand."

"As a security consultant, I use the TSSS not only for simple demonstrations of cyber security controls, but also to implement various security strategies in an offline manner, and develop corresponding TSA configuration schemes which can be applied to online production systems.  I use the TSSS with a variety of SCADA / HMI applications and associated field control equipment like PLCs, RTUs, and application servers."

A Tool for Improving SCADA Security

After all these years of struggling to get the message out, I believe that by bringing together the core components of a control system into one cohesive and portable package, we have created a very useful tool for communicating the potential impact of cyber threats.

Of course I am not impartial on this, but I think my team has created an excellent platform for testing, research or training in the SCADA and ICS security field. If you are interested in the TSSS or have any suggestions for additional use cases or process scenarios please let me know.
1British Columbia Institute of Technology

Related Links

 

RSS Feed Subscribe to the "Practical SCADA Security" news feed

Comments

3

Hello Eric,

I am setting up a Cyber Security Lab / demonstrator envirmonment (mainly for government and large companies).
One of the subjects to bring to their attention is Scada security. I think you have an excellent simulator to do that!

What will be the price for us in a lab of the Dutch government research organisation?

Best regards,

Roy Mente

www.tno.nl

Hello Roy,

Thanks for your interest in the Tofino SCADA Security Simulator.

I will contact you directly regarding pricing. (If you would like to email me, my details are below.)

Kind regards,
Brian Kline
brian.kline@tofinosecurity.com

A a current graduate student at Regis University one of the areas of interest is related to securing SCADA systems. The Information Assurance Program I'm currently enrolled in has an associated practicum that provides students the ability to perform network penetration. In addition, Regis University sponsors the Rocky Mountain Collegiate Cyber Defense Competition. One of the areas that is lacking both in the practicum and the RMCCDC is within SCADA systems. Any information you may be able to provide to included pricing would be appreciated.

Add new comment