Building an Attack Lab for an ICS Network for Testing
1. Introduction
Industrial Control Systems (ICS) are instrumental in monitoring and controlling industrial processes. ICSs are regarded as mission-critical applications and are either continuous process control systems or discrete process control systems. Attack labs are essentially test kits used to practice and simulate threats and attacks in a modern Active Directory environment. Attack labs are curated according to the attacks under evaluation. While there are a handful of large, reputable labs out there, not everyone has the resources to build a lab of that stature.
Building a lab, however, isn’t a daunting task if you know exactly what you need. Depending on the attack type, these labs need to be tailored to the attack in question. Are you looking to build an attack lab for an ICS network and aren’t sure where to start? This guide will help and give you an idea of what you need to get started.
2. Why Does an ICS Network Exist?
ICS networks exist to safeguard industrial control systems and their associated hardware and software. ICS networks allow users to monitor and control the operations of industrial devices across multiple industries. As IoT took shape, it became imperative to have these networks in place to better monitor the operations of the devices within the network. The interconnected nature of these industrial systems churns out a large volume of data, which is why they need to be monitored. ICS supports critical infrastructure, which, while beneficial from a feature standpoint, also exposes it to vulnerabilities. Because critical infrastructure is one of its supported platforms, ICS networks can be easily exploited and remain unpatched.
Due to this, it is imperative to build and test attack labs for testing the security of these ICS networks. Security researchers adopt certain methods to design attack labs, and here are ways in which you can do the same.
3. Approach to Design an Attack Lab for Testing
As mentioned above, there are many ways to develop an attack lab. Here’s how you can get started:
3.1 Using a Raspberry Pi
Perhaps the most cost-efficient way to design an attack lab, this also happens to be the easiest. Raspberry Pis have become extremely popular over the years, and there is a whole community dedicated to their development. For those unaware of what a Raspberry Pi is, think of it as a mini-computer. Over the years, the Raspberry Pi has advanced to a level where one can connect it to an external display to view content. You can find one cheaply on eBay or Amazon to start.
The Raspberry Pi’s HDMI port allows users to run and operate virtual machines. These virtual machines act as the catalyst for programming the attack lab. You will also require external storage, such as an SD card, to load the files. Once you have that, you need to get a bootable image file, depending on the virtual machine you are interested in loading. Follow this guide as a starter to get first-hand experience of building an attack lab. The Raspberry Pi’s low cost makes it the most attractive option for experiments like this, especially for beginners.
3.2 Assembling a real ICS Program
For more advanced users or those graduating from Raspberry Pi, this is the next logical step. While Raspberry Pi is beneficial for new users, it is limited by its lack of processing power. Building and assembling a real ICS program needs more investment and specifically requires the following:
1. Programmable Logic Controllers (PLCs)
2. Human Machine Interfaces (HMIs)
3. Remote Terminal Units (RTUs)
4. Intelligent Electronic Devices (IEDs)
These require more capital investment, and the set-up won’t work without prior knowledge. Obviously a more powerful set-up, this replicates real-world attacks on systems and helps draw logical conclusions. The best way to test a real ICS program would be to get more systems on the network. Once the ICS program has been perfected, it should be subjected to a test by an autonomous pen testing team. An outside pen testing team would ensure an impartial process. It will also expose serious vulnerabilities without causing any substantial damage, since this would be for testing only.
Do account for the fact that a real, simulated office environment should also be created to test these systems. Irrespective of the approach used to develop the systems, they need to be thoroughly tested before being implemented. Hence, it is important that the right talent pool works on a project like this. Handing over the project to someone without the technical know-how would turn out to be an expensive affair. Documentation of the results is also important to track changes and for future reference.
4. Final Thoughts
In the field of IT, every large-scale resource with potential security flaws needs to be tested. Creating a simulated environment has become easier for organizations, as well as for groups with a nefarious purpose. Therefore, a project like this should only be done after undertaking a conscious cost-benefit analysis. While ICS networks help organizations reap benefits due to their wide applications, they can also result in irreparable damage. Thus, once the lab is created, procedures should be created to revert to the last stable state, should things go wrong.
If you want access to my ICS attack labs, please message me directly.