A virtual testbed for security management of industrial control systems

Industrial Control Systems (ICS), at the heart of critical infrastructures, have been developing into more and more powerful tools over the years with the incorporation of networking and cyber, among other, technologies. As with great power comes great risks, ICS's inherited risks and vulnerabilities not only from the cyber domain but also gave rise to unique security risks and vulnerabilities. Security management, i.e., identifying vulnerabilities, assessing threats, preventing and tolerating malicious and harmful activities, mitigating and recovering from attacks, etc., for ICS's have been identified as a key, if not the key, area for the protection of critical infrastructures. The importance of a test-bed mimicking a real-life ICS and having capabilities to support ICS security management is paramount. In this paper, after briefly surveying the vulnerabilities in ICS and surveying the existing ICS test-beds, we describe the implementation of a virtual ICS testbed controlling the distribution breaker system of a power grid. We also describe simulating two cyber attacks using the testbed.