Abstract
When systems are targeted by cyber attacks, cyber first responders must be able to react effectively, especially when dealing with critical infrastructure assets. Training for cyber first responders is lacking and most exercise platforms are expensive, inaccessible and/or ineffective. This chapter describes a mobile training platform that incorporates a variety of programmable logic controllers in a single system that helps impart the unique skills required of industrial control system cyber first responders. The platform is modeled after a jail in the United States and was developed to maximize realism. Training scenarios are presented that cover specific cyber first responder skills and techniques. The results demonstrate that the platform is robust and highly effective for conducting sustained training exercises in curricula developed for cyber first responders.
Chapter PDF
Similar content being viewed by others
References
Z. Basnight, Firmware Counterfeiting and Modification Attacks on Programmable Logic Controllers, M.S. Thesis, Department of Electrical and Computer Engineering, Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio, 2013.
A. Bauer, Talking with your doctor about prognosis, Cancer.Net, August 14, 2014.
J. Butts and M. Glover, How industrial control system security training is falling short, in Critical Infrastructure Protection IX, M. Rice and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 135–149, 2015.
R. Candell, T. Zimmerman and K. Stouffer, An Industrial Control System Cybersecurity Performance Testbed, NISTIR 8089, National Institute of Standards and Technology, Gaithersburg, Maryland, 2015.
Department of Psychiatry, New York University School of Medicine, Medical Student Education Program in Psychiatry, New York University, New York (www.med.nyu.edu/psych/education/medical-student-education), 2017.
L. Folkerth, Forensic Analysis of Industrial Control Systems, InfoSec Reading Room, SANS Institute, Bethesda, Maryland (www.sans.org/reading-room/whitepapers/forensics/forensic-analysis-industrial-control-systems-36277), 2015.
Idaho National Laboratory, INL Cyber Security Research: Defending the Network Against Hackers, Fact Sheets: 21st Century Science and Technology, Idaho Falls, Idaho (www.inl.gov/research/inl-cyber-security-research), 2014.
Idaho National Laboratory, University Partnerships, Idaho Falls, Idaho (www.inl.gov/inl-initiatives/education), 2016.
International Information System Security Certification Consortium ((ISC)\(^{2}\)), (ISC)\(^{2}\) Information Security Certification Programs, Clearwater, Florida (www.isc2.org/credentials/default.aspx), 2016.
Sandia National Laboratories, Distributed Energy Technology Laboratory, Albuquerque, New Mexico (energy.sandia.gov/wp-content/gallery/uploads/DETL_Factsheet_SAND2010-3643_Aug2011.pdf), 2011.
Sandia National Laboratories, SCADA Testbeds, Albuquerque, New Mexico (energy.sandia.gov/energy/ssrei/gridmod/cyber-security-for-electric-infrastructure/scada-systems/testbeds), 2016.
SANS Institute, ICS Training Courses, Bethesda, Maryland (ics.sans.org/training/courses), 2017.
SANS Institute, SEC562: CyberCity Hands-On Kinetic Cyber Range Exercise, Bethesda, Maryland (www.sans.org/course/cybercity-hands-on-kinetic-cyber-range-exercise), 2017.
E. Skoudis, How to build a completely hackable city in five steps: And why you should build your skills in this arena, presented at SANS Pen Test Hackfest, 2013.
K. Stouffer, J. Falco and K. Scarfone, Guide to Industrial Control Systems (ICS) Security, NIST Special Publication 800-82, National Institute of Standards and Technology, Gaithersburg, Maryland, 2011.
J. Yoon, Framework for Evaluating the Readiness of Cyber First Responders for Industrial Control Systems, M.S. Thesis, Department of Electrical and Computer Engineering, Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio, 2016.
J. Yoon, S. Dunlap, J. Butts, M. Rice and B. Ramsey, Evaluating the readiness of cyber first responders responsible for critical infrastructure protection, International Journal of Critical Infrastructure Protection, vol. 13, pp. 19–27, 2016.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 IFIP International Federation for Information Processing (outside the US)
About this paper
Cite this paper
Daoud, J., Rice, M., Dunlap, S., Pecarina, J. (2017). MULTI-CONTROLLER EXERCISE ENVIRONMENTS FOR TRAINING INDUSTRIAL CONTROL SYSTEM FIRST RESPONDERS. In: Rice, M., Shenoi, S. (eds) Critical Infrastructure Protection XI. ICCIP 2017. IFIP Advances in Information and Communication Technology, vol 512. Springer, Cham. https://doi.org/10.1007/978-3-319-70395-4_14
Download citation
DOI: https://doi.org/10.1007/978-3-319-70395-4_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70394-7
Online ISBN: 978-3-319-70395-4
eBook Packages: Computer ScienceComputer Science (R0)