NIST to Develop Cybersecurity Testbed for ICS
The National Institute of Standards and Technology (NIST) is seeking information to build a reconfigurable cybersecurity testbed for industrial control systems (ICS).
The supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS) and programmable logic controllers (PLC) used in industrial sectors and critical infrastructure are increasingly targeted in cyberattacks. A perfect example are recent cyber espionage operations in which the Havex remote access Trojan (RAT) has been used to access networks and harvest data on ICS.
According to NIST, the main objective is to provide guidance on the best practices for implementing security strategies within ICS without negatively impacting process performance. The secondary goal of the testbed is to measure the performance of industrial systems during a cyberattack.
The testbed will include several industrial control simulation scenarios, one of which will involve a chemical process known as the Tennessee Eastman (TE) problem, which is considered ideal for cybersecurity investigations.
NIST has published a paper to outline research goals, performance metrics and use cases, and asks companies of all sizes, including foreign ones, to provide detailed information on how they would address the requirements.
“Research outcomes from the testbed will highlight specific cases where security technologies impact control performance as well as motivate methods by which control engineers can leverage security engineering to design control algorithms that extend safety and fault tolerance to include advanced persistent threats,” NIST said.
The organization has pointed out that traditional IT security policies focus on confidentiality rather than network availability, while for ICS, particularly systems used for critical infrastructure, a high level of system availability and operational resilience is crucial. And since in many cases it’s unacceptable to degrade performance to make a system more secure, NIST believes that protections must be implemented so that system integrity is maintained during both normal operations and a cyberattack.
“The ICS cybersecurity testbed will be designed to demonstrate application of security to a variety of processes such as control of a chemical plant, dynamic assembly using robots, and distributed supervision and control of large wide area networks such as gas pipelines, water distribution pipelines, and intelligent transportation systems,” NIST explained.
Additional details for interested organizations are available in the request for information (RFI) published on Saturday on the website of the U.S. government’s Federal Business Opportunities website.
Related: Attend the Upcoming ICS Cyber Security Conference in Atlanta