Project Status: Development

Supported by @sfl0r3nz05.

The aim of this project is to develop and deploy a virtualized ICS network on which to perform security tests.

The specific use case to be implemented is that of a Waste Water Treatment Plant (WWTP). However, the project may integrate other use cases such as the Tennessee-Eastman.

This project is related to the OT-NWbasedOnGNS3 project, which aims to deploy the use case of this project on a larger ICS network.

The project can be deployed in two ways: as a Docker Compose network or as a GNS3 network simulation.
Compilation of documents related to the project theme:

- Development of an Open-Source Testbed Based on the Modbus Protocol for Cybersecurity Analysis of Nuclear Power Plants
- Whitepaper: CHERNOVITE's Emerging Malware Targeting Industrial Control Systems
- Stuxnet: Dissecting a Cyberwarfare Weapon
The project can be deployed on either Docker or GNS3, although deploying it on GNS3 is recommended.

- For deployment based on `docker compose`:
- For deployment based on `GNS3`:

> **Note:** For deployment over GNS3, the same previous requirements should be used.
- Clone the project repository locally:

  ```
  git clone https://github.com/sfl0r3nz05/ICSsVirtualForCiberSec.git
  ```

- For `docker-compose` deployment, run the `docker-compose.yml` file using Docker Compose. To do so, navigate to the directory where the `docker-compose.yml` file is located and run the following command:

  ```
  docker compose up -d
  ```

- For `GNS3` deployment, use the GNS3 Deployment Guide.
The following use cases have been implemented and tested:

- As referenced by MITRE and Dragos, the so-called INCONTROLLER or PIPEDREAM malware developed by the group CHERNOVITE is capable of targeting multiple ICS systems from different vendors and performing attacks successfully.
- One of the most common attacks is Parameter Modification, which is the one performed in this demonstration video. This attack consists in changing the actual value of a PLC register to another one chosen by the attacker.
- To try to avoid this kind of attack, an alarm script has been developed and integrated into the project.
- The GNS3 project file containing the alarm container can be found in `network/GNS3Deployment/demo.gns3project`.
- To run the project with the alarm script, just download it and follow the GNS3 Project Deployment Guide.
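As an added example (not the project's alarm script and not code from the repository), the following Python monitor shows the kind of check such an alarm can perform against Parameter Modification: it decodes Modbus/TCP write requests (function codes 0x06 Write Single Register and 0x10 Write Multiple Registers) and raises an alarm when a write targets a register that is not in a baseline, or carries a value outside that register's expected range. The register numbers, the ranges and the sample frames are constructed for this example; in a real deployment the baseline is derived from the PLC program and the frames come from a mirrored port or a capture.

```python
"""Modbus/TCP write monitor: flag register writes that violate an expected-value baseline."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hypothetical baseline of allowed value ranges for the holding registers the
# process depends on. Register numbers and ranges are constructed for this
# example; a real deployment derives them from the PLC program.
BASELINE: Dict[int, Tuple[int, int]] = {
    0: (0, 80),      # e.g. pump speed setpoint, percent
    10: (0, 1000),   # e.g. tank level setpoint, litres
    11: (0, 1),      # e.g. valve command, 0/1
}

WRITE_SINGLE_REGISTER = 0x06
WRITE_MULTIPLE_REGISTERS = 0x10


@dataclass
class Alarm:
    transaction_id: int
    unit_id: int
    register: int
    value: int
    reason: str


def parse_register_writes(frame: bytes) -> Optional[Tuple[int, int, List[Tuple[int, int]]]]:
    """Decode MBAP header + PDU. Return (tid, unit, [(register, value), ...])
    for write requests, or None for any frame that does not write registers."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not Modbus (0)")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    fc = frame[7]
    pdu = frame[8:]
    if fc == WRITE_SINGLE_REGISTER:
        if len(pdu) != 4:
            raise ValueError("malformed FC06 request")
        addr, value = struct.unpack(">HH", pdu)
        return tid, unit, [(addr, value)]
    if fc == WRITE_MULTIPLE_REGISTERS:
        if len(pdu) < 5:
            raise ValueError("malformed FC16 request")
        start, qty, bytecount = struct.unpack(">HHB", pdu[:5])
        if bytecount != 2 * qty or len(pdu) != 5 + bytecount:
            raise ValueError("FC16 byte count does not match quantity")
        values = struct.unpack(">%dH" % qty, pdu[5:])
        return tid, unit, [(start + i, v) for i, v in enumerate(values)]
    return None  # reads and other function codes are not register writes


def check_frame(frame: bytes, baseline: Dict[int, Tuple[int, int]] = BASELINE) -> List[Alarm]:
    """Compare every register write in the frame against the baseline."""
    parsed = parse_register_writes(frame)
    if parsed is None:
        return []
    tid, unit, writes = parsed
    alarms: List[Alarm] = []
    for reg, val in writes:
        if reg not in baseline:
            alarms.append(Alarm(tid, unit, reg, val, "write to register outside baseline"))
            continue
        lo, hi = baseline[reg]
        if not lo <= val <= hi:
            alarms.append(Alarm(tid, unit, reg, val, f"value outside expected range {lo}..{hi}"))
    return alarms


# Constructed sample traffic (not captured from the project's network).
SAMPLE_FRAMES = [
    bytes.fromhex("000100000006010600000064"),            # FC06: reg 0 := 100 (above 80)
    bytes.fromhex("00020000000b0110000a00020401f40001"),  # FC16: reg 10 := 500, reg 11 := 1
    bytes.fromhex("00030000000601030000000a"),            # FC03 read of 10 registers, no write
    bytes.fromhex("000400000006010600630001"),            # FC06: reg 99 := 1, unlisted register
]


def scan(frames: List[bytes] = SAMPLE_FRAMES) -> List[Alarm]:
    """Run the check over a sequence of frames and collect the alarms."""
    found: List[Alarm] = []
    for f in frames:
        found.extend(check_frame(f))
    return found


if __name__ == "__main__":
    for a in scan():
        print(f"ALARM tid={a.transaction_id} unit={a.unit_id} reg={a.register} "
              f"value={a.value}: {a.reason}")
```

A range baseline catches the crude form of the attack (a value the process should never receive) but not a modified value that still lies inside the expected range; closing that gap means comparing each write against the value the HMI actually commanded, or against the known process state, which is what the project's alarm container is positioned to do on the GNS3 network.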
> **Note:** This section is for advanced users who want to edit the pre-established container configuration. If you only want to run the preconfigured scenario, follow the steps in Getting Started.

This section explains how to build and set up the containers that will be imported in both `docker compose` and `GNS3`.

**ICS Process containers:**

> **Note:** The following containers will be associated with the industrial processes to be integrated in the project.

- Scada-LTS-MySQL:
  - For `docker-compose` deployment, use the container included in the docker-compose.yml file.
  - For `gns3`, use the following Scada-LTS-MySQL container importation guide.

  > **Note:** Follow this step to set up the ScadaLTS-MySQL container once it is deployed: [Scada-LTS-MySQL](./documentation/Components/Scada-LTS.md)

This section also considers how to build and set up the network to be deployed.
- Develop and implement more cybersecurity detection and mitigation mechanisms based on common ICS cyberattacks
- Deploy the whole project on GNS3
- Try to fix sporadic errors
- Implement pfSense on the host
- Implement Wazuh as a GNS3 container
- Fix the WWTP-OpenPLC interface deployment problem
- Implement ModTester automation