RICS-el: Building a National Testbed for Research and Training on SCADA Security (Short Paper)

  • Magnus Almgren
  • Peter Andersson
  • Gunnar Björkman
  • Mathias Ekstedt
  • Jonas Hallberg
  • Simin Nadjm-TehraniEmail author
  • Erik Westring
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11260)


Trends show that cyber attacks targeting critical infrastructures are increasing, but security research for protecting such systems are challenging. There is a gap between the somewhat simplified models researchers at universities can sustain contra the complex systems at infrastructure owners that seldom can be used for direct research. There is also a lack of common datasets for research benchmarking. This paper presents a national experimental testbed for security research within supervisory control and data acquisition systems (SCADA), accessible for both research training and experiments. The virtualized testbed has been designed and implemented with both vendor experts and security researchers to balance the goals of realism with specific research needs. It includes a real SCADA product for energy management, a number of network zones, substation nodes, and a simulated power system. This environment enables creation of scenarios similar to real world utility scenarios, attack generation, development of defence mechanisms, and perhaps just as important: generating open datasets for comparative research evaluation.


Cyber security in C(I)I systems Modelling Simulation Analysis and Validation approaches to C(I)IP Training for C(I)IP and effective intervention 


  1. 1.
    Reaves, B., Morris, T.: An open virtual testbed for industrial control system security research. Int. J. Inf. Secur. 11(4), 215–229 (2012)CrossRefGoogle Scholar
  2. 2.
    Genge, B., Siaterlis, C., Nai Fovino, I., Masera, M.: A cyber-physical experimentation environment for the security analysis of networked industrial control systems. Comput. Electr. Eng. 38(5), 1146–1161 (2012)CrossRefGoogle Scholar
  3. 3.
    Siaterlis, C., Genge, B., Hohenadel, M.: EPIC: a testbed for scientifically rigorous cyber-physical security experimentation. IEEE Trans. Emerg. Topics Comput. 1(2), 319–330 (2013)CrossRefGoogle Scholar
  4. 4.
    Redwood, O., Reynolds, J., Burmester, M.: Integrating simulated physics and device virtualization in control system testbeds. In: Rice, M., Shenoi, S. (eds.) Critical Infrastructure Protection X. IAICT, vol. 485, pp. 185–202. Springer, Cham (2016). Scholar
  5. 5.
    Adhikari, U., Morris, T., Pan, S.: WAMS cyber-physical test bed for power system, cybersecurity study, and data mining. IEEE Trans. Smart Grid 8(6), 2744–2753 (2017)CrossRefGoogle Scholar
  6. 6.
    Dondossola, G., Garrone, G., Szanto, J., Deconinck, G., Loix, T., Beitollahi, H.: ICT resilience of power control systems: experimental results from the crutial testbeds, pp. 554–559 (2009)Google Scholar
  7. 7.
    Holm, H., Karresand, M., Vidström, A., Westring, E.: A survey of industrial control system testbeds. In: Buchegger, S., Dam, M. (eds.) Secure IT Systems. NordSec 2015. LNCS, vol. 9417, pp. 11–26. Springer, Cham (2015).
  8. 8.
    McLaughlin, S., et al.: The cybersecurity landscape in industrial control systems. Proc. IEEE 104(5), 1039–1057 (2016)CrossRefGoogle Scholar
  9. 9.
    Egerstedt, M., Govindarasu, M.: Accessible remote testbeds: opportunities, challenges, and lessons learned, workshop report (2016)Google Scholar
  10. 10.
    Vasilomanolakis, E., Cordero, C.G., Milanov, N., Mühlhäuser, M.: Towards the creation of synthetic, yet realistic, intrusion detection datasets. In: IEEE/IFIP Network Operations and Management Symposium (NOMS), pp. 1209–1214, April 2016Google Scholar
  11. 11.
    Mathur, A.P., Tippenhauer, N.O.: SWaT: a water treatment testbed for research and training on ICS security. In: International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater), pp. 31–36. IEEE (2016)Google Scholar
  12. 12.
    Lin, C.Y., Nadjm-Tehrani, S., Asplund, M.: Timing-based anomaly detection in SCADA networks. In: D’Agostino G., Scala, A. (eds.) CRITIS 2017. LNCS, vol. 10707, pp. 48–59. Springer, Cham (2018).
  13. 13.
    Lin, C.-Y., Nadjm-Tehrani, S.: Understanding IEC-60870-5-104 traffic patterns in SCADA networks. In: Proceedings of the 4th Cyber-Physical System Security Workshop (CPSS), AsiaCCS. ACM, June 2018Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Magnus Almgren
    • 1
  • Peter Andersson
    • 2
  • Gunnar Björkman
    • 3
  • Mathias Ekstedt
    • 3
  • Jonas Hallberg
    • 2
  • Simin Nadjm-Tehrani
    • 4
    Email author
  • Erik Westring
    • 2
  1. 1.Chalmers University of TechnologyGothenburgSweden
  2. 2.FOISwedish Defence Research AgencyLinköpingSweden
  3. 3.KTH Royal Institute of TechnologyStockholmSweden
  4. 4.Linköping UniversityLinköpingSweden

Personalised recommendations