Around the world, cyber attacks are increasing in number and sophistication. Many organizations in Europe and the US have been crippled by ransomware such as "Petya", and the WannaCry (WannaCrypt) ransomware attack affected more than 230,000 computers in over 150 countries. A series of incidents, including the Stuxnet worm that damaged Iran's uranium enrichment plant, the cyber attack induced power outages in Ukraine, a reported attack on Israel's electricity authority, the attack on a German steel plant and the intrusion into the control system of a small dam in New York state, has raised concern among cyber security researchers.
There are many threats facing critical infrastructure today. The most prominent threats in this day and age are those posed by terrorist groups and hostile nation states. These are organized groups with a clear goal and some level of sophistication. There is also a threat posed by a company's own employees: insiders have access to internal controls and data, and either by accident or with malicious intent can cause equipment outages. A third category of threat is posed by casual hackers, known as "script kiddies". These are people without great computer ability who download and use prepackaged tools.
New technologies are increasing the vulnerability of critical infrastructure to cyber security threats. "Smart" infrastructure systems integrate digital communications and controls with physical control systems and with the human operators or beneficiaries of those systems. These integrated infrastructures and their services expose more vulnerabilities than would exist if the sub-systems were isolated from one another, and sophisticated cyber attacks can exploit them to disrupt or even completely disable the operations of critical infrastructure and its services. The growing adoption of the Internet of Things (IoT), autonomous driving and cloud computing will further exacerbate the problem.
Dealing with these threats and determining vulnerabilities is an important task for utilities. It is common practice in modern cyber security analysis to use operational networks, that is, real systems of computers, routers, switches, firewalls and so on, to analyze the interplay between cyber threats and safeguards. However, using operational networks for cyber security testing has serious disadvantages. First, there is a high risk of adverse impact on the network and the services it carries. Second, operational networks cannot be fully controlled, so tests are generally not repeatable, as rigorous experimentation requires.
Determining the vulnerabilities of systems built from these devices is a complicated process because of the complex hardware and software interactions that must be considered. One approach is to build a comparatively simple system that captures the relevant complexity: a cyber testbed. Such a testbed can be a key element in dealing with the threat, by assessing vulnerabilities, testing the cyber responsiveness of critical infrastructure for research and development, and supporting awareness and training, standards and norms, and so on.
Consequently, many cyber testbeds have been developed for a number of specialized areas, including LAN/WAN enterprise equipment; telecommunications carriers; SCADA systems; data centers (servers, SANs, clusters); MILCOM (military communications) networks; mission-critical control systems such as avionics; and end-user environments such as desktop SOEs, smartphones, printers and MFDs. Some well-known Internet event simulators and testbeds are Emulab: "a configurable Internet emulator in a room;" DETER: "an evolving infrastructure—facilities, tools, and processes—to provide a national resource for experimentation in cyber security;" and PlanetLab: "a safe and secure environment for testing and operating peer-to-peer algorithms and monitoring their activities."
Physical, virtual and simulation testbeds for critical infrastructures and cyber systems all exist, but it is extremely difficult for one organization to hold all the expertise needed to do research and development across such heterogeneous testbeds, and owning and managing them is cost prohibitive. One project of the ACL of COIC is therefore exploring techniques for the seamless composition of a federated testbed from several heterogeneous testbeds, including virtual cybersecurity testbeds, IoT testbeds and cyber-physical testbeds; it is described in the FCTaaS section below.
US Defense Technology Experimental Research (DETER) test bed
DETER, which stands for cyber DEfense Technology Experimental Research, is one such cyber testbed, funded by the Department of Homeland Security, the National Science Foundation and the Department of Defense. DETER seeks to transform cyber security research into a rigorous, experimental science by advancing methods and technologies through research and by operating an advanced testbed facility where leading researchers and academics conduct critical cybersecurity experimentation and educational exercises.
“DETERLab emulates real-world complexity and scale necessary to evolve next generation solutions to help protect against sophisticated cyber-attacks and network design vulnerabilities.”
Cyber Physical Testbeds for Critical Information Architecture
Cyber physical systems (CPS) are networks of software-managed devices that interface with mechanical components and monitor or influence the physical world through sets of inputs and outputs. In large facilities, workers need a way to monitor and control the activities of the CPS; for this task, supervisory control and data acquisition (SCADA) software is deployed. SCADA software communicates with the underlying control systems while simultaneously providing an interface through which workers monitor and govern those systems.
Today's electric grid increasingly uses "smart" devices that can be controlled remotely, letting operators manage the grid better and more efficiently. But as the grid becomes smarter, it also becomes more exposed to attackers. In Ukraine, hackers knocked out dozens of power substations, blacking out more than a hundred cities and partially blacking out nearly 200 more.
DARPA has launched the RADICS (Rapid Attack Detection, Isolation and Characterization Systems) program with the objective of developing technologies for detecting and responding to cyber attacks on critical US infrastructure, and the ultimate goal of enabling cyber and power engineers to restore electrical service within seven days after a major attack.
Jacobson and Manimaran Govindarasu, Iowa State's Ross Martin Mehl and Marylyne Munas Mehl Computer Engineering Professor, are developing a high-fidelity, open-access testbed to help secure the power grid. They call it "PowerCyber", and it is designed for vulnerability analysis, risk assessment, attack-defense evaluations and other tests.
The power grid is a complex cyber-physical system, Govindarasu said. There are the communication networks with Internet connections, algorithms and software. Then there are the power lines, towers, sensors, relays, actuators and other hardware.
PowerCyber integrates all of those elements – including actual relay equipment and other hardware – then adds sophisticated models of the grid system and virtual Internet technology. That Internet technology is based on ISEAGE (pronounced “ice age,” the Internet-Scale Event and Attack Generation Environment), a controlled, simulated Internet for cyber security studies. Jacobson developed the technology at Iowa State with support from the U.S. Department of Justice. “We can use this testbed to run attacks and see the consequences on the power system,” Govindarasu said. “If it’s a blackout, how do we mitigate that? We can also prepare for these attacks and for our defenses.”
Erfan Ibrahim and his team at NREL's Cyber Physical Systems Security and Resilience Center have launched an effort to build the Test Bed for Secure Distributed Grid Management. It is a hardware system that mimics the communications, power systems and cybersecurity layers of a utility's power distribution system, the part of the power grid that carries power from substations to homes and businesses.
“In three and a half months, we were able to pull a real-scale test bed together, attack it, and figure out what works and what doesn’t work from a protection perspective,” Ibrahim said. “Now we’re sharing our findings with the industry to accelerate the adoption of empirically proven cybersecurity controls to systemically protect critical infrastructure.”
Military Cyber ranges or testbeds
Cyber warfare is developing into a more sophisticated form of combat between countries, in which critical infrastructure such as power, telecommunications or banking can be destroyed by damaging the computer systems that control it. It is widely acknowledged that offensive cyber attacks will be a necessary component of any future military campaign, and advanced cyber weapons are being developed now.
Militaries are employing cyber ranges or testbeds to carry out realistic exercises on realistic IT platforms, networks and systems, training for network attack and defense scenarios that mimic the real world in the lab so that they can train as they would fight. They need to ensure that their mission-critical war-fighting infrastructure performs adequately in time of war. This holds for every pertinent element of the wartime architecture, from the radio-equipped soldier on the ground, to command and control elements, to the various service elements, and the oftentimes extraordinarily complex networks in between.
With the rise in cyber threats and the growing acceptance of cyber warfare, cyber testbeds are becoming an essential capability for militaries and governments to assess their ability to combat potential cyber security threats. They also provide a facility for experiments and tests of emerging technologies for cyber attack mitigation, and for testing and validating the strategies, tactics, interoperability, functionality and performance of solutions for cyber warfare defense and offense.
US Army Aviation and Missile Research, Development and Engineering Centre (AMRDEC) testbed
AMRDEC has built a Cyber Security Test Bed (CSTB) for performing engineering assessments of the cyber resiliency of various AIAMD (Army Integrated Air and Missile Defense) components. The AIAMD system uses the Integrated Fire Control Network (IFCN) to perform its communications and networking functions.
AMRDEC uses JNE to emulate the IFCN within the testbed. The StealthNet cyber attack and defense library in JNE is used within the CSTB to perform cyber and electronic warfare (EW) attacks on the virtual network and analyze the likely impact of such attacks on the systems.
The CSTB leverages a mix of live, virtual and constructive components. Its goal is to provide a controlled, validated and repeatable test environment that can test both legacy and new systems and scale from component-level tests up to the test of an entire system of systems. The CSTB provides a mechanism for testing blue (friendly) systems against cyber threats that are continuously evolving and growing, and supports such tests throughout the product lifecycle. The result is an environment and methodology for testing blue systems against cyber attacks in order to discover and validate vulnerabilities and to assess mission impact.
US Navy Cyber testbeds
SILVER SPRING, Md. Resolvn, a developer of cybersecurity training environments, has won a contract to develop and maintain the US Navy's high-fidelity virtual training range on the Persistent Cyber Training Environment (PCTE) platform.
Consisting of fourteen connected networks, including those of a power plant, multiple internet service providers, a Department of Defense facility and municipal buildings, the range's modular design is intended to let training managers deploy instances of any, or all, of the fully functioning networks.
According to the company, this virtualization of real-world environments will reduce the time required to implement individual and team defensive or offensive training, allowing sailors to train regularly in near-to-spec networks with automated internal and external traffic generation and user emulation.
US Navy builds new virtual cyber test bed USS Secure
The US Naval Surface Warfare Center Dahlgren Division (NSWCDD) is developing a virtual cyber testbed, USS Secure, in collaboration with three Navy systems commands, cyber defence leaders and experts from coast to coast. USS Secure reproduces naval warfare scenarios by building a distributed testbed of real and virtual systems that stand in for live systems. It will allow assessment of the Navy's capabilities to combat potential cyber security threats, shield Navy surface, undersea and air warfare systems against the effects of a cyber attack, and rapidly recover a system after it has been compromised.
It will facilitate the Navy's development, evaluation and testing of cybersecurity concepts and technologies to shield mission-critical systems at sea and ashore. Dennis Schaeffer, NSWC Philadelphia cybersecurity systems engineer for hull, mechanical and electrical systems aboard Navy nuclear aircraft carriers, said: "We can use the USS Secure distributed test environment to test multiple systems located in different geographic areas without trucking racks of equipment to different labs and warfare centres."
"Follow on activities will add fidelity and representative systems into the varying enclaves to ultimately instantiate an entire strike group, surface, subsurface, and airborne." The USS Secure research was funded by Naval Innovation for Science and Engineering (NISE) funds and involves the participation of 28 CYBERSAFE shipbuilders.
Israel, US to Integrate Cyber Test Beds
The US DHS is working with Israeli counterparts to integrate an Israeli cyber experimentation center into the US Defense Technology Experimental Research (DETER) testbed. DHS Cyber Security Director Douglas Maughan ranked Israel among the top 10 partner nations for cooperative research and development.
"Cyber is a team sport," Maughan told conference participants here. "Advanced research and development has global economic and national security implications for all of us. We have an aggressive agenda with $75 million in annual funding … [and] Israeli NCB and Israeli companies are welcome to respond to our research solicitations." Recently, the Israeli cabinet approved the establishment of a National Cyber Authority to bridge the security and civilian sectors; it will operate as a single directorate within the prime minister's office.
Cyber security analysis testbed: Combining real, emulation, and simulation
Cyber security analysis tools are necessary to evaluate the security, reliability and resilience of networked information systems against cyber attack. It is common practice in modern cyber security analysis to use, separately, real systems (computers, routers, switches, firewalls), computer emulations (e.g. virtual machines) and simulation models to analyze the interplay between cyber threats and safeguards.
In contrast, Sandia National Laboratories has developed novel methods to combine these evaluation platforms into a hybrid testbed of real, emulated and simulated components, which enables analysis of the security features and components of a networked information system. When performing cyber security analysis on a system of interest, it is critical to represent the security components under study realistically and in high fidelity. In some experiments, the security component may be the actual hardware and software, with all the surrounding components represented in simulation or by surrogate devices.
Sandia National Laboratories has developed a cyber testbed that combines modeling and simulation capabilities with virtual machines and real devices to represent, in varying fidelity, secure networked information system architectures and devices. Using this capability, secure networked information system architectures can be represented in the testbed on a single, unified computing platform.
This provides an "experiment-in-a-box" capability. The result is rapidly produced, large-scale, relatively low-cost, multi-fidelity representations of networked information systems that let analysts quickly investigate cyber threats and test protection approaches and configurations.
Federated Cybersecurity Testbed as a Service (FCTaaS)
There are many physical, virtual and simulation testbeds for critical infrastructures and cyber systems. It is extremely difficult for one organization to hold all the expertise needed to perform research and development across these heterogeneous testbeds, and it is cost prohibitive to own and manage them all. Yet to understand the interdependencies among these testbeds, their implications for cybersecurity, and how to develop effective defense solutions, researchers and educators need full access to federated testbeds that accurately represent the systems' operations and their interdependencies.
It is important to be able to compose several testbeds into one federated testbed that includes smart devices and sensors, IoT devices, cloud systems, smart grids, smart buildings, etc. (ultimately what is known as smart cities or smart governments). Such federated testbeds can then be used to train students to analyze the normal operations of the composed testbeds, identify their interdependencies and vulnerabilities and how those can be exploited to launch sophisticated cyber attacks, develop innovative defense techniques, and protect them.
The main goal of this project is to explore innovative techniques for the seamless composition of a federated testbed from several heterogeneous testbeds, including virtual cybersecurity testbeds, IoT testbeds and cyber-physical testbeds. There are currently many isolated cybersecurity and cyber-physical testbeds, but no methodologies or tools to automatically build a federated testbed (a testbed of heterogeneous testbeds).
Such a federated testbed, ubiquitously accessible as a cloud service, would address important research issues related to future cyberspace applications and services, such as:
1. How do we model and predict the operations and interactions of a complex, large, heterogeneous and dynamic federation of cybersecurity and cyber-physical testbeds?
2. How do we secure and protect smart infrastructure resources and services and their interactions under normal and abnormal situations that may be caused by nature, accident or malicious action?
3. How do we develop innovative teaching and training experiments that provide hands-on experience in discovering existing or newly created vulnerabilities, whether within one infrastructure or arising from its interactions with other infrastructures, and in detecting attacks and protecting operations against them?
4. The development of the federated testbed will itself explore the following research issues:
a. How to seamlessly compose several testbeds (some completely virtual, some physical)?
b. How to schedule experiments on heterogeneous testbeds that are managed and controlled by different organizations?
c. How to securely access geographically dispersed heterogeneous testbeds while maintaining the privacy of users and of their experiments running on cross-domain resources?
d. How to manage global time so that an event in one testbed and its impact on another testbed can be evaluated?
The architecture is service oriented, allowing researchers and educators to publish security experiments for research and training. In addition, FCTaaS will allow researchers to add their own security testbeds to the FCTaaS list of supported testbeds.
There are many challenges in developing the proposed federated cybersecurity testbed as a service (FCTaaS), and this proposal will allow us to explore innovative techniques for overcoming the research challenges of building a multi-domain, collaborative, federated testbed environment.
Initially, we will collaborate with researchers at the University of Detroit Mercy (UDM) to add their Ford Breadboard Smart Car testbed. The initial list will include the UA IoT Testbed, the Virtual Cybersecurity Testbed currently hosted on the Amazon public cloud, and our Wireless Security Testbed. The FCTaaS architecture shown in Figure 1 will use open communication standards and the security tools developed at the NSF Center for Cloud and Autonomic Computing to maintain the security and privacy of the federated security testbed. These services will allow heterogeneous testbeds to exchange their data syntactically and semantically (so that the data semantics and the dependencies among the testbeds can be understood). The experiment management services will also allow users to configure the required testbeds and their interactions, manage the global time across all testbeds used in an experiment, and adapt those testbeds as the experiment goals require.
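Research issue 4(d) above, managing global time so that an event in one testbed can be linked to its effect in another, is the one a practitioner runs into first, because every member testbed stamps its events with its own clock. The following is an added illustration, not code from the FCTaaS project or from any of the testbeds named on this page. It assumes a simple protocol: at experiment start the federation coordinator broadcasts a sync beacon, each testbed logs the beacon's arrival on its local clock, and the resulting per-testbed offset is applied to every later event before events are ordered and correlated across testbeds. All names (TestbedEvent, Federation, the "iot" and "grid" testbeds) and the sample events are constructed for the example.

```python
"""Illustrative global-time reconciliation for a federated testbed.

Added example, not FCTaaS code. Assumes a coordinator sync beacon whose
arrival each member testbed records on its own clock; the recovered offset
is applied to that testbed's later events so that cause and effect across
testbeds can be placed on one timeline. All names are hypothetical.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class TestbedEvent:
    testbed: str      # member testbed that emitted the event
    local_ts: float   # seconds on that testbed's own clock
    kind: str         # e.g. "sync", "attack", "relay_trip"
    detail: str = ""


@dataclass
class Federation:
    """Collects events from member testbeds and maps them onto a global clock."""
    beacon_global_ts: float                      # coordinator time at which the beacon was sent
    offsets: Dict[str, float] = field(default_factory=dict)   # testbed -> (global - local)
    events: List[TestbedEvent] = field(default_factory=list)

    def ingest(self, ev: TestbedEvent) -> None:
        # A "sync" event is the beacon's arrival as seen on that testbed's clock.
        # Beacon transit latency is assumed negligible here; a production
        # coordinator would measure round trips, as NTP does, to correct for it.
        if ev.kind == "sync":
            self.offsets[ev.testbed] = self.beacon_global_ts - ev.local_ts
        else:
            self.events.append(ev)

    def to_global(self, ev: TestbedEvent) -> float:
        if ev.testbed not in self.offsets:
            raise KeyError(f"no sync beacon recorded for testbed {ev.testbed!r}")
        return ev.local_ts + self.offsets[ev.testbed]

    def timeline(self) -> List[Tuple[float, str, str]]:
        """All non-sync events ordered on the global clock."""
        return sorted(
            ((round(self.to_global(e), 3), e.testbed, e.kind) for e in self.events),
            key=lambda t: t[0],
        )

    def cross_testbed_effects(self, cause_kind: str, effect_kind: str,
                              window: float) -> List[Tuple[str, str, float]]:
        """Pair each cause_kind event with effect_kind events that occur in a
        different testbed within `window` seconds after it, on the global clock."""
        pairs = []
        for c in self.events:
            if c.kind != cause_kind:
                continue
            c_t = self.to_global(c)
            for e in self.events:
                if e.kind != effect_kind or e.testbed == c.testbed:
                    continue
                lag = self.to_global(e) - c_t
                if 0 <= lag <= window:
                    pairs.append((c.testbed, e.testbed, round(lag, 3)))
        return pairs


# Constructed sample: the IoT testbed clock runs 120 s ahead of the
# coordinator and the grid testbed clock 45 s behind. On raw local
# timestamps the relay trip (968.2) appears to precede the attack (1130.5)
# that caused it; after offset correction the order is right.
BEACON_GLOBAL_TS = 1000.0
SAMPLE_EVENTS = [
    TestbedEvent("iot", 1120.0, "sync"),
    TestbedEvent("grid", 955.0, "sync"),
    TestbedEvent("iot", 1130.5, "attack", "malformed command injected at gateway"),
    TestbedEvent("grid", 968.2, "relay_trip", "feeder 3 opened"),
    TestbedEvent("grid", 990.0, "relay_trip", "feeder 3 opened again on reclose"),
]


def build_sample_federation() -> Federation:
    fed = Federation(beacon_global_ts=BEACON_GLOBAL_TS)
    for ev in SAMPLE_EVENTS:
        fed.ingest(ev)
    return fed


if __name__ == "__main__":
    fed = build_sample_federation()
    for ts, tb, kind in fed.timeline():
        print(f"{ts:9.3f}  {tb:5s}  {kind}")
    print("attack -> relay_trip within 10 s:",
          fed.cross_testbed_effects("attack", "relay_trip", 10.0))
```

The beacon must be seen by a testbed before any of its events are placed on the timeline; `to_global` raises rather than silently using a zero offset, because an uncorrected clock is exactly what produces the inverted cause-and-effect shown in the sample. With the 10-second window only the first relay trip is attributed to the attack; the second, 24.5 seconds later, is left for the analyst to judge.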