Experimentation environment for industrial control systems cybersecurity: On-site and remote training

Abstract The digital transformation of industries implies the need of new training efforts. In this context, cybersecurity of industrial control systems (ICS) poses specific challenges. The current practice of ICS cybersecurity training is generally restricted to the isolated management of industrial and network devices or extensive use of network traffic emulation/simulation, providing the students a limited understanding of the problem. For that reason, in this paper, we present an approach based on the replication of a simple industrial control system. For that purpose, a control cabinet, which covers the lowest levels of the automation pyramid, and a set of virtual machines (VMs) are used. The aim is to provide a flexible experimentation environment where all elements can be reconfigured. Through the deployment of the appropriate network structure, students can carry out device configurations or assume different roles in the industrial control system, from the points of view of automation or security. The experimentation environment is also designed to provide a comprehensive remote access to hardware, software and communication networks in a reliable way (flexibility), without posing a threat to the security and safety of the environment (isolation) or requiring time-consuming maintenance (easy recovery of VMs and equipment). Through the architecture defined, students can reach the VMs used in each task, which are isolated from the outer network and can be easily managed and maintained. Finally, some educational activities are presented, where the proposed approach is used for training of students with different backgrounds.