ICS TestBed Framework

A scalable framework is proposed for automatically deploying, locally or remotely, a number of virtual machines that replicate a Supervisory Control And Data Acquisition (SCADA) network. This includes multiple virtual hosts emulating sensors and actuators, with a Human Machine Interface (HMI) controlling the hosts. The framework contains a collection of automation scripts which build and deploy a variable number of virtual machines, pre-configured to act as either a Remote Terminal Unit (RTU), HMI or Data Historian. The work includes a standards-compliant implementation of IEC 60870-5-104 (IEC104) and OPC Unified Architecture (OPC-UA), with the capability to support other protocols such as Modbus-TCP (Modbus) and IEC61850.

This allows researchers to build testbeds that can be configured to replicate real-world deployments of SCADA networks. The framework builds upon open source libraries and is released under the Free Software Foundation approved licence, GNU General Public License version 3.

Example Operation


Potential Use Cases

Build and run locally

Clone the repository and install the required dependencies:

git clone --recurse-submodules git@github.com:PMaynard/ICS-TestBed-Framework.git
sudo apt install openjdk-8-jdk maven

Build:

mvn clean package
mvn package -DskipTests # Skip tests.

Start up an RTU:

java -jar node/target/node-1.0.jar
shell> rtu
shell> rtu-iec104port 2404
shell> rtu-listen 127.0.0.1
shell> run

Start up an HMI:

java -jar node/target/node-1.0.jar
shell> hmi
shell> hmi-interval 1000
shell> remote-hosts 127.0.0.1
shell> run

Auto Deploy in VMs

The default configuration profile will deploy 1 HMI and 4 RTUs. The HMI will integrate the RTUs using IEC104 and OPC-UA. The RTUs are configured to return random process data.

Prerequisites (Vagrant+VirtualBox)

Use the latest version of Vagrant rather than the pre-built or distribution packages, as these scripts rely on features from the latest versions of Vagrant. This should be fine if using Ubuntu 18.04.1 LTS.

git clone https://github.com/mitchellh/vagrant.git /opt/vagrant
cd /opt/vagrant
bundle install
bundle --binstubs exec
ln -sf /opt/vagrant/exec/vagrant /usr/local/bin/vagrant 

[OPTIONAL] Create VM Image

This is an optional development step. It builds a virtual machine image, pre-configured to run the testbed nodes. If you don't want to create the latest version, the default option is to get a stable image from Vagrant's image repository, which stays in step with the master branch.

Packer is used to create a virtual machine image suitable for VirtualBox and Vagrant:

cd vagrant_image
packer build vagrant-node.json
vagrant box add testbed-node vagrant.box

Deploy

WARNING: You will need at least 4GB of free RAM.

Update the Vagrantfile with any additional information, such as static IP address and RAM usage.

The default IP settings are 10.50.50.*: .200 is used for the HMI and .101-.105 for the RTUs. The default RAM allocated per VM is 512MB.

vagrant up
vagrant ssh hmi
vagrant ssh rtu-1 # 1-5
vagrant halt
vagrant destroy 

Example Dataset

An example dataset was created using the default deployment configuration. PCAPs can be downloaded from here. The IEC104 MITM was performed using the ettercap plugin located here.

A numerical breakdown of the dataset is shown below:

Host       IP            IEC104  OPC-UA  Other   Total
HMI        10.50.50.150  26,158       0  17,688  43,846
Historian  10.50.50.151       0  14,695  14,927  29,622
RTU-1      10.50.50.101   3,592   2,940   5,543  12,075
RTU-2      10.50.50.102   3,665   2,941   5,876  12,482
RTU-3      10.50.50.103   3,668   2,940   5,793  12,404
RTU-4      10.50.50.104   3,690   2,940   5,771  12,404
RTU-5      10.50.50.105   3,576     930   7,933  12,442
MITM       10.50.50.99    2,390       0   3,449   5,839
SCAN       10.50.50.3        15       0  28,351  28,366
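
One way to compute a per-host breakdown like the table above from a capture, as an added example (not part of the framework or the authors' tooling). It assumes a classic little-endian pcap with Ethernet framing, counts a packet for both its source and destination host, and treats TCP port 2404 as IEC104 and TCP port 4840 (the IANA-registered OPC-UA port, not stated on this page) as OPC-UA; the five sample frames are constructed.

```python
import struct
from collections import defaultdict

IEC104_PORT = 2404  # same port as "rtu-iec104port 2404" on this page
OPCUA_PORT = 4840   # assumption: IANA-registered OPC-UA port, not stated on the page

def classify(frame):
    """Return (src_ip, dst_ip, label) for an Ethernet frame, or None if not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None  # ARP and other non-IPv4 frames are not attributed to a host
    ihl = (frame[14] & 0x0F) * 4
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    label = "Other"
    if frame[23] == 6 and len(frame) >= 18 + ihl:  # TCP with both ports captured
        ports = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
        if IEC104_PORT in ports:
            label = "IEC104"
        elif OPCUA_PORT in ports:
            label = "OPC-UA"
    return src, dst, label

def breakdown(pcap_bytes):
    """Count packets per host and protocol in a classic little-endian pcap."""
    if struct.unpack("<I", pcap_bytes[:4])[0] != 0xA1B2C3D4:
        raise ValueError("expected a classic little-endian pcap file")
    counts = defaultdict(lambda: defaultdict(int))
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack("<I", pcap_bytes[off + 8:off + 12])[0]
        rec = classify(pcap_bytes[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
        if rec:
            for host in set(rec[:2]):  # count once for source and once for destination
                counts[host][rec[2]] += 1
    return {host: dict(c) for host, c in counts.items()}

def make_frame(src, dst, proto, sport, dport):
    """Constructed sample frame: Ethernet + IPv4 + the first 4 bytes of TCP/UDP."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)

def sample_pcap():  # constructed five-packet capture using host addresses from the table
    hmi, hist, rtu1, scan = "10.50.50.150", "10.50.50.151", "10.50.50.101", "10.50.50.3"
    frames = [make_frame(hmi, rtu1, 6, 40000, 2404), make_frame(rtu1, hmi, 6, 2404, 40000),
              make_frame(hist, rtu1, 6, 40001, 4840), make_frame(scan, rtu1, 6, 40002, 22),
              make_frame(hmi, rtu1, 17, 40003, 2404)]  # UDP to 2404 must count as Other
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

Non-IPv4 frames such as ARP are skipped, so totals from a real capture can be lower than those of a tool that counts every frame.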

Related Projects

Citation

Please cite this framework using the following format:

@conference{
 author   = "Peter Maynard and Kieran McLaughlin and Sakir Sezer",
 title    = "An Open Framework for Deploying Experimental SCADA Testbed Networks",
 journal  = "5th International Symposium for ICS & SCADA Cyber Security Research",
 year     = "2018"
}

The dataset can be cited using DOI: 10.6084/m9.figshare.6133457.v1

The full paper can be found at: https://petermaynard.co.uk/publication/an-open-framework-for-deploying-experimental-scada-testbed-networks/