Design Considerations for Building Credible Security Testbeds: Perspectives from Industrial Control System Use Cases

Cited by: 13
Authors
Ani, Uchenna P. Daniel [1]
Watson, Jeremy M. [1]
Green, Benjamin [2]
Craggs, Barnaby [3]
Nurse, Jason R. C. [4]
Affiliations
[1] Department of Science Technology Engineering and Public Policy, University College, London
[2] Computing and Communications, Lancaster University
[3] Department of Computer Science, University of Bristol
[4] School of Computing, University of Kent
Keywords
cyber security simulations; ICS testbeds; model credibility; security modelling; security simulations
DOI
10.1080/23742917.2020.1843822
Abstract
This paper presents a mapping framework for design factors and an implementation process for building credible Industrial Control Systems (ICS) security testbeds. The security and resilience of ICSs has become a critical concern to operators and governments following widely publicised cyber security events. The inability to apply conventional Information Technology security practice to ICSs further compounds challenges in adequately securing critical systems. To overcome these challenges, and do so without impacting live environments, testbeds are widely used for the exploration, development, and evaluation of security controls. However, how a testbed is designed, and its attributes, can directly impact not only its viability but also its credibility. Combining systematic and thematic analysis, and the mapping of identified ICS security testbed design attributes, we propose a novel relationship map of credibility-supporting design factors (and their associated attributes) and a process implementation flow structure for ICS security testbeds. The framework and implementation process highlight the significance of demonstrating some design factors such as user/experimenter expertise, clearly defined testbed design objectives, simulation implementation approach, covered architectural components, core structural and functional characteristics covered, and evaluations to enhance confidence, trustworthiness and acceptance of ICS security testbeds as credible. These can streamline testbed requirement definition, improve design consistency and quality while reducing implementation costs. © 2020 Informa UK Limited, trading as Taylor & Francis Group.
Pages: 71 / 119
Page count: 48