Abstract
High-fidelity cyber-physical testbeds that mimic the cyber and physical responses of real-world systems are required to investigate the vulnerabilities of industrial control systems. This chapter describes the construction of a large, virtual, high-fidelity testbed that models a midstream oil terminal. The testbed models interconnected tank farms, a tanker truck gantry, a shipping terminal and a 150 km pipeline connection to a refinery. The virtual midstream oil terminal helps experiment with cyber attacks, explore the impacts of cyber attacks in order to prototype and evaluate security controls, and support education and training efforts. The virtual midstream oil terminal is constructed using a novel modular modeling technique that segments the overall system into the physical system, cyber-physical link, distributed controllers, communications network and human-machine interface. Simulation results involving normal operations and cyber attack scenarios are presented. The midstream oil terminal testbed demonstrates that large-scale models of industrial control systems for cyber security research are feasible and valuable.
Chapter PDF
Similar content being viewed by others
References
U. Adhikari, T. Morris and S. Pan, WAMS cyber-physical testbed for power system cybersecurity study and data mining, IEEE Transactions on Smart Grid, vol. 8(6), pp. 2744–2753, 2017.
T. Alves, OpenPLC Project (www.openplcproject.com), 2018.
T. Alves, R. Das and T. Morris, Virtualization of industrial control system testbeds for cybersecurity, Proceedings of the Second Annual Industrial Control System Security Workshop, pp. 10–14, 2016.
American Petroleum Institute, Specification for Electric Motor Prime Mover for Beam Pumping Unit Service, API SPEC 11L6, First Edition, Washington, DC, 1993.
American Petroleum Institute, Specification for End Closures, Connectors and Swivels, API SPEC 6H, Second Edition, Washington, DC, 1998.
American Petroleum Institute, Specification for Line Pipe, API SPEC 5L, Forty-Third Edition, Washington, DC, 2004.
American Petroleum Institute, Specification for Bolted Tanks for Storage of Production Liquids, API SPEC 12B, Fifteenth Edition, Washington, DC, 2008.
American Petroleum Institute, Specification for Pipeline Valves, API SPEC 6D, Twenty-Third Edition, Washington, DC, 2008.
American Petroleum Institute, Loading and Unloading of MC 306/DOT 406 Cargo Tank Motor Vehicles, API RP 1007, Washington, DC, 2011.
American Petroleum Institute, Line Markers and Signage for Hazardous Liquid Pipelines and Facilities, API RP 1109, Fifth Edition, Washington, DC, 2017.
C. Bronk and E. Tikk-Ringas, The cyber attack on Saudi Aramco, Survival: Global Politics and Strategy, vol. 55(2), pp. 81–96, 2013.
M. Cintuglu, O. Mohammed, K. Akkaya and A. Uluagac, A survey of smart grid cyber-physical system testbeds, IEEE Communications Surveys and Tutorials, vol. 19(1), pp. 446–464, 2017.
Independent Inquiry Committee, Independent Inquiry Committee Report on the Indian Oil Terminal Fire in Jaipur on 29th October 2009, Ministry of Petroleum and Natural Gas, Government of India, New Delhi, India, 2010.
International Chamber of Shipping, Oil Companies International Marine Forum and International Association of Ports and Harbors, International Safety Guide for Oil Tankers and Terminals, Witherby and Company, London, United Kingdom, 2006.
R. Lee, M. Assante and T. Conway, Media Report of the Baku-Tbilisi-Ceyhan (BTC) Pipeline Cyber Attack, ICS Defense Use Case (DUC), SANS Industrial Control Systems, SANS Institute, Bethesda, Maryland, 2014.
M. Mallouhi, Y. Al-Nashif, D. Cox, T. Chadaga and S. Hariri, A testbed for analyzing security of SCADA control systems (TASSCS), Proceedings of the Conference on Innovative Smart Grid Technologies, 2011.
J. Mirkovic and T. Benzel, Teaching cybersecurity with DeterLab, IEEE Security and Privacy, vol. 10(1), pp. 73–76, 2012.
T. Morris, A. Srivastava, B. Reaves, W. Gao, K. Pavurapu and R. Reddi, A control system testbed to validate critical infrastructure protection concepts, International Journal of Critical Infrastructure Protection, vol. 4(2), pp. 88–103, 2011.
M. Nasir, S. Sultan, S. Nefti-Meziani and U. Manzoor, Potential cyber-attacks against global oil supply chain, Proceedings of the International Conference on Cyber Situational Awareness, 2015.
Office of Aircraft Services, Aviation Fuel Handling Handbook, CreateSpace, Seattle, Washington, 2015.
B. Reaves and T. Morris, Analysis and mitigation of vulnerabilities in short-range wireless communications for industrial control systems, International Journal of Critical Infrastructure Protection, vol. 5(3-4), pp. 154–174, 2012.
Y. Zhou, X. Zhao, J. Zhao and D. Chen, Research on fire and explosion accidents of oil depots, Chemical Engineering Transactions, vol. 51, pp. 163–168, 2016.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 IFIP International Federation for Information Processing
About this paper
Cite this paper
Das, R., Morris, T. (2018). Modeling a Midstream Oil Terminal for Cyber Security Risk Evaluation. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XII. ICCIP 2018. IFIP Advances in Information and Communication Technology, vol 542. Springer, Cham. https://doi.org/10.1007/978-3-030-04537-1_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-04537-1_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04536-4
Online ISBN: 978-3-030-04537-1
eBook Packages: Computer ScienceComputer Science (R0)