The daily intrusion attempts and attacks on industrial control systems (ICS) and embedded systems (ES) underscore the criticality of protecting our Critical Infrastructures (CIs). As recently as mid-July 2018, numerous reports on the infiltration of US utility control rooms by Russian hackers have been published. This successful infiltration and possible manipulation of the utility companies could easily translate to a devastating attack on our nation’s power grid and, consequently, our economy and well-being. Indeed, the need to secure the control and embedded systems which operate our CIs has never been so pronounced. In our attempt to address this critical need, we designed, developed and implemented ICS and ES security curriculum modules with pertinent hands-on laboratory exercises that can be freely adopted across the national setting. This paper describes in detail the modules and the accompanying exercises and proposes future enhancements and extensions to these pedagogical instruments. It highlights the interaction of control and embedded systems security with Presidential Policy Directive 8 (the National Preparedness Plan, NPP), cyber risk management, and incident handling. To establish the premise the laboratory exercises were developed. This chapter outlines the description and content of the modules in the areas of (1) Industrial Control Systems (ICS) Security, (2) embedded systems (ES), and (3) guidelines, standards, and policy.
The ICS security modules cover the predominant ICS protocols, ladder logic programming, Human Machine Interface (HMI), defensive techniques, ICS reconnaissance, vulnerability assessment, intrusion detection, and penetration testing. The ES security modules include topics such as secure firmware programming and authentication mechanisms. In the guidelines, standards, and policy section, the topics covered by the modules include the NPP as it relates to CI protection, risk management, system protection and policy design, and managing operations and controls. An overview of the various hands-on exercises that accompany the course modules is also presented. Further, to evaluate the effectiveness of the pedagogical materials, an initial evaluation was conducted and the survey data were collected, analyzed, and presented. The paper concludes with future enhancements and directives on opportunities for module extensions and course adoption.
In June 2017, the National Institute of Standards and Technology (NIST) published the first revision to the NIST SP 800-12 document, which contains guidelines that address the assessment and analysis of security control effectiveness and security posture of an organization. This chapter provides details on the design and implementation of embedded systems (ESs) and industrial control systems (ICSs) security curriculum resources. It presents lessons learned at various information security conferences and offers mini-training workshops to widely disseminate the learning module to the Center for Academic Excellence (CAE) community. The ongoing project will build on the success of the concluded ICS workshop to effectively fill a void in cybersecurity training for the CAE community and the Department of Defense (DoD) training personnel across the nation. It will have significant contributions to the Cybersecurity National Action Plan (CNAP) on addressing the expansion of the national cybersecurity workforce.
Details
Title: Laboratory Exercises to Accompany Industrial Control and Embedded Systems Security Curriculum Modules
Edition: 1
Publication Details: Cybersecurity and Privacy in Cyber-Physical Systems, pp. 185-213