Current Traffic Light Cybersecurity Simulation CybatiWorksTM Mini Kit
Representative Traffic Light HMI/OPC and Logic |
CybatiWorksTM Mini Kit with the Expandable Traffic Control PCB |
|
Current Power Grid Cybersecurity Simulation CybatiWorksTM Mini Kit
Representative Power Grid HMI/OPC and Logic |
CybatiWorks Mini Kit with the Power Grid PCB |
|
Current Power Grid Cybersecurity Simulation using the CybatiWorksTM Industrial Edition
Representative Power Grid HMI/OPC |
Expandable Power Grid SnapCircuits IO Board |
|
CybatiWorksTM BlackBox Generator inside the CybatiWorksTM Software Platform
Another example tool in the current platform is the CybatiWorks™ Blackbox, as shown in Figure 5. The cybersecurity education wizard builds a 40 node software-defined network coupled with up to 7 other real physical devices. The cyber assets and their applications reside in 3 distinguished zones – Industrial Control Systems, Corporate and the Internet. The scenario builds an ICS/IT/Internet architecture complete with IPv4 and IPv6 routing protocols and includes two attacks and associative defenses. The current educational scenario includes two simple models including a virtualized bottling facility and the printed circuit board traffic light. Using protocol libraries the model generates simulated devices using DNP3, AB PCCC and Modbus protocols. The simulation includes several IT services, engineering documents and traditional business technology as well as an active attacker with a unique command and control channel. The participant is stepped through a series of wizards to baseline the environment, and is expected to identify the attack and respond appropriately using techniques provided in the curricula. The current wizard is resettable to the original scenario allowing easy set up. The Blackbox generator uses a series of wizard-based steps, as shown in Figure 6, to lead the participant through the exercise. The steps include notifications about active discovery precautions within cyber-physical systems, such as the impact any changes may have on operations. Even the addition of a configured network switch span or physical tap port may have on operations. Later steps have the participant enable the attacker and use tools to identify the attacker source and engineering logic. |