Irfan Ahmed - IEEE Web Hosting€¦ · Irfan Ahmed Assistant Professor Department of Computer...
Transcript of Irfan Ahmed - IEEE Web Hosting€¦ · Irfan Ahmed Assistant Professor Department of Computer...
Irfan Ahmed
Assistant ProfessorDepartment of Computer Science
University of New Orleans
1"
! An ICS Testbed at UNO
! Research & Pedagogy
! Assistant Professor of Computer Science at the University of New Orleans
! Research Areas! Digital Forensics! Industrial Control Systems (ICS)! Security via Virtualization
! Cybersecurity Education! cs.uno.edu/~irfan
! Control system is a device or set of devices that regulate the behavior of other devices or systems
Control System Component
Input; Stimulus Output; Response
– Input " typically sensors – Output " actuators to control other device
! A thermostat is a simple control system that ! senses the temperature, and ! turns a heater on or off to maintain the temperature
at a set point
Room Temperature
Turn on/off
! ICS are typically used to automate industrial processes ! e.g., power generation, and water filtering
! Conveyor belt – example! Programmable Logic Controller (PLC)! Proximity Sensor
! Servo drive
! SCADA " Supervisory Control and Data Acquisition
! Are highly distributed systems ! Provides centralized data acquisition,
monitoring, and control in real time
Historian
Power Distribution
EtherNet/IP
HMI
Modbus
EthernetSwitch
Field Site 1
Control Center
Gas Pipeline
Field Site 2
Wastewater Treatment
Field Site 3
PROFINET
PLCPLCPLC
! Cyber attacks and Vulnerabilities! Cyber attacks on the testbed vs. similar ICS
systems in industry! Small scale physical model put limitations
! does not offer a large set of parameters and variables from physical process
! Limited data for network traffic analysis! Limited number of PLCs and ICS protocol
support
! Research Prototype Evaluation! Testing on testbed enforces the constraints of a
typical ICS system! 24/7 availability requirement of ICS services! Resource-constrained embedded devices! Interaction of cyber and physical worlds! ICS communication protocols
! Difficult to add security functionalities in PLCs! proprietary firmware/OS ! Limited tools/techniques to access and modify
firmware/OS code in PLC
! Useful for Digital Forensic research! Tools and techniques to extract and analyze
digital artifacts from ! HMI and other ICS services! PLCs! ICS Network traffic
! Demonstration of physical processes! Varied programming software support
! PLCs of three vendors, each using different programming software
! Schneider Electric - SoMachine Basic! Allen-Bradley - Studio 5000! Siemens - SIMATIC STEP 7
! Varied ICS protocol support! EtherNet/IP! Modbus! PROFINET
! Topics! Introduction to industrial control
systems (ICS)! PLC programming! ICS network protocols! ICS vulnerabilities and cyber attacks! ICS security solutions
! Hands-on! PLC: Allen-Bradley’s Micrologix 1400 B! Program PLC to control Traffic Lights! Implement man-in the middle attack
! PLC Vendors! GE, Mitsubishi, Allen Bradley, Omron, WAGO,
Siemens, Automation Direct, and Schneider! PLCs
! Micro820, ControlLogix, 1214 TIA, CJ1M, and Fanuc 90/30
! Protocols! CC Link, PROFINET, DNP3, Modbus, EtherNet/IP,
PCCC, BAC, FL-Net, MC, FINS, and CJ2,
! No fieldbus I/O support! No connectivity with the cloud! No IoT appliances in the testbed
! So called industrial internet of things
Irfan&Ahmed&[email protected]""504"3"280"3"4409"
Contact&me&"&&