CYBATI announces Traffic Light and Railway Control System Models along with a Metasploit Module to Educate Upon Real Cybersecurity Risks

CYBATI, an education and awareness company, today announces the release of a new I/O training platform, small-scale kinetic models, course lecture material and lab exercises for control system cybersecurity. Four sample concepts introduced in the models are hardware hacking a technician's USB administrative cable, faulting the logic controllers, and maliciously altering the logic to create a train derailment or to force an all-green traffic light intersection. The small-scale models use real controllers and communications protocols such as PCCC, ISO-TSAP, Modbus/TCP and DNP3. The participants must review the cyber assets for their vulnerabilities and the functional logic associated with the design. The small-scale models are built upon CYBATI's trainer unit platform, allowing for rapid prototyping of other control system verticals, such as electric utilities, natural gas, fresh water/waste water, mining, and even public entertainment (e.g. fireworks, concerts and amusement parks).

CYBATI's New Control System Cybersecurity Trainer Unit

The customizable trainer units and small-scale models serve as the hands-on mechanism to educate upon the cyber, physical and operational risks in control system environments.

CYBATI announces the availability of a new educational platform to understand the risks and supporting mitigating controls associated with control system cyber assets and operations. "It is the culmination of two years' worth of research in how to identify a hands-on, portable small-scale approach to convey the cyber risks associated with control system environments," said Matthew E. Luallen, CYBATI's Co-Founder and President. The small-scale models highlight the real threat associated with cyber, physical, and operational risks in today's modern control system cyber assets and their default communication protocols.

Modern control systems are used to operate the majority of essential life functions enjoyed daily: the water we drink, the electricity we use and even the amusement we partake in. The control system cyber assets automating these functions were initially designed with real-world logic, such as the water level in this tank should never go beyond empty (a negative value), so it is unnecessary to address this in a logical design. They were also designed with trustworthy communication protocols, with the belief that only trusted devices would communicate with them. The Internet, wireless, just-in-time designs and enhanced performance expanded the control environments beyond these trustworthy systems. When an attacker wants to manipulate these systems, they manipulate this expanded trust area and may even use the actual blueprints of the design to identify their targets. For instance, an attacker may compromise the cyber asset and then review the logic for the MASTER STOP conditions or for which sensors to simultaneously disrupt. These conditions may directly represent just what the attacker wants to perform to create the physical disruption, such as never switch the turnout location of the train track while the train is directly on top of the switching location. Safety systems and logic were designed to protect personnel and assets; however, these same protections may also serve as the roadmap to an attack and should be protected as confidential information. The hope is that the small-scale models and educational materials will provide an ability to highlight these risks in real environments before an attack is successful.

The course also includes a lab on how to write a soon-to-be-released Metasploit module creating a fault condition on a popular line of small industrial controllers. "I did not want to write this exploit. I am ultimately a husband and a father of four girls, every moment of time spent is valuable. I had to write it to truly understand how difficult it is to intelligently topple over a Programmable Logic Controller (PLC)," said Luallen. The exploit took all of two hours to write, most of which was documenting how to prevent such an attack using other security controls, as the device itself cannot be protected. More information pertaining to this exploit and laboratory exercise will become publicly available in the coming weeks.

The small-scale environments, training units and course material are licensable from CYBATI for use in academic and professional settings. "Our hope is that the licensing model will help to rapidly disseminate this material to the correct industry participants," emphasized Luallen. Until the licensing model is operational, CYBATI is offering a remotely accessible course with limited seats from November 20 through December 22 and a live, in-person version of the course at the Sheraton Maui on January 28 through February 1, 2013.

CYBATI's President and Co-Founder will be providing live demonstrations of the small-scale models or discussing control system cybersecurity at the following upcoming events: ASIS Chicago Chapter meeting on October 16, University of Iowa's Security Day on October 17, NERC GridSecCon on October 18, TCIPG Industry Workshop on October 31 and Illinois State University's ISUSEC club on November 1.

Contact Author

Matthew Luallen