New simulator aims to help plant operators fight hackers


A simulator could help the operators of chemical processing plants, water purification plants and other facilities learn to detect hacker attacks.

Facilities that use programmable logic controllers (PLCs) to open and close valves, redirect electricity flows or manage large pieces of machinery are targets for ‘malicious actors’. This means efforts to secure these facilities and help operators detect potential attacks are vital to security.

Atlanta security startup Fortiphyd Logic and the Georgia Research Alliance have developed the new simulator, details of which were presented at the recent USENIX Workshop on Advances in Security Education.

"The goal is to give operators, researchers and students experience with attacking systems, detecting attacks and also seeing the consequences of manipulating the physical processes in these systems," said Raheem Beyah, the Motorola Foundation Professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology.

"This system allows operators to learn what kinds of things will happen. Our goal is to make sure the good guys get this experience so they can respond appropriately."

Known as the Graphical Realism Framework for Industrial Control Simulations (GRFICS), the simulator allows users to play the roles of both hackers and defenders to give them a better awareness of the signs of a hacker attack.

"The pressure and reactant levels could be made to seem normal to the operators, while the pressure is building toward a dangerous point," Beyah said.

Though the readings may appear normal, a knowledgeable operator might still detect clues that the system has been attacked. "The more the operators know the process, the harder it will be to fool them," he said.

According to a Georgia Institute of Technology statement, the GRFICS system was built using an existing chemical processing plant simulator, as well as a 3-D video gaming engine running on Linux virtual machines. At its heart is the software that runs PLCs, which can be changed out to represent different types of controllers appropriate to a range of facilities.

"This is a complete virtual network, so you can set up your own entry detection rules and play on the defensive side to see whether or not your defenses are detecting the attacks," said David Formby, a Georgia Tech postdoctoral researcher who has launched Fortiphyd Logic with Beyah to develop industrial control security products.

"We provide access to simulated physical systems that allow students and operators to repeatedly study different parameters and scenarios."

GRFICS is currently available as an open source, free download for use by classes or individuals. It runs on a laptop, but because of heavy use of graphics, requires considerable processing power and memory. An online version is planned, and future versions will simulate the electric power grid, water and wastewater treatment facilities, manufacturing facilities and other users of PLCs.