Building an Attack Lab for an ICS Network for Testing

1. Introduction

Industrial Control Systems (ICS) are instrumental in monitoring and controlling industrial processes. ICSs are regarded as mission-critical applications and are either continuous process control systems or discrete process control systems. Attack labs are essentially test kits used to practice and simulate threats and attacks in a modern Active Directory environment. Attack labs are tailored to the attacks under evaluation. While there are a handful of large, reputable labs out there, not everyone has the resources to build a lab of that stature.

Building a lab, however, isn’t a daunting task if you know exactly what you need. Depending on the attack type, these labs need to be tailored to the attack in question. Are you looking to build an attack lab for an ICS network and aren’t sure where to start? This guide will help you with it and give you an idea of what you need to get started.

2. Why Does an ICS Network Exist?

ICS networks exist to safeguard industrial control systems and their associated hardware and software. ICS networks allow users to monitor and control the operations of industrial devices across multiple industries. As IoT took shape, it became imperative to have these networks in place to better monitor the operations of these devices within the network. The interconnected nature of these industrial systems produces a large volume of data, which is why they need to be monitored. ICS supports critical infrastructure, which, while beneficial from a feature standpoint, also exposes it to vulnerabilities. Because critical infrastructure is one of the platforms it supports, ICS networks often remain unpatched and can be easily exploited.

For this reason, it is imperative to build attack labs for testing the security of these ICS networks. Security researchers follow certain methods to design attack labs, and here are ways in which you can do the same.

3. Approach to Design an Attack Lab for Testing

As mentioned above, there are many ways to develop an attack lab. Here’s how you can get started:

3.1 Using a Raspberry Pi

Perhaps the most cost-efficient way to design an attack lab, this also happens to be the easiest. Raspberry Pis have become extremely popular over the years, and there is a whole community dedicated to their development. For those unaware of what a Raspberry Pi is, think of it as a mini-computer. Over the years, the Raspberry Pi has advanced to a level where one can connect it to an external display to view content. You can find one for really cheap on eBay or Amazon to start.

The Raspberry Pi’s HDMI port allows users to run and operate virtual machines. These virtual machines are the foundation on which the attack lab is programmed. You will further require external storage, such as an SD card, to load the files. Once you have that, you need to get a bootable image file, depending on the virtual machine you are interested in loading. Follow this guide as a starter to get first-hand experience of building an attack lab. The Raspberry Pi’s low cost makes it the most attractive option for experiments like this, especially for beginners.

3.2 Assembling a real ICS Program

For more advanced users, or those graduating from the Raspberry Pi, this is the next logical step. While the Raspberry Pi is beneficial for new users, it is limited by its lack of processing power. Building and assembling a real ICS program needs more investment and specifically requires the following:

1. Programmable Logic Controllers (PLCs)

2. Human Machine Interfaces (HMIs)

3. Remote Terminal Units (RTUs)

4. Intelligent Electronic Devices (IEDs)

While these require more capital investment, the setup won’t work without prior knowledge. Obviously a more powerful set-up, this replicates real-world attacks on systems and helps draw logical conclusions. The best way to test a real ICS program is to get more systems onto the network. Once the ICS program has been perfected, it should be subjected to a test by an independent pen testing team. An outside pen testing team ensures an impartial process. It will also expose serious vulnerabilities without causing any substantial damage, since this would be for testing only.

Bear in mind that a realistic, simulated office environment should also be created to test these systems. Irrespective of the approach used to develop the system, it needs to be thoroughly tested before being implemented. Hence, it is important that the right talent pool works on a project like this. Handing the project over to someone without the technical know-how would turn out to be an expensive affair. Documenting the results is also important to track changes and for future reference.

4. Final Thoughts

In the field of IT, every large-scale resource with potential security flaws needs to be tested. Creating a simulated environment has become easier for organizations, as well as for groups with nefarious purposes. Therefore, a project like this should only be undertaken after a conscious cost-benefit analysis. While ICS networks help organizations reap benefits through their wide range of applications, they can also result in irreparable damage. Thus, once the lab is created, procedures should be put in place to revert to the last stable state should things go wrong.

If you want access to my ICS attack labs, please message me directly.
