This laboratory is designed to replicate cybersecurity operations in any network topology, including both IT (information technology) environments and OT (industrial operation technologies) environments. To do so, a basis of virtualised and physical systems are provided, following the 5-level stage system recommended by IEC 62264/ISA-95. Adapting this typology to specific usage cases will allow the carrying out of reviews and tests without compromising the productive system.
Tests for vulnerabilities and cybersecurity measures in the context of a Smart Factory:
- By means of the ERP-MES-SCADA/HMI-PLC/DPS-sensor and actuator chain, it is possible to test attacks at any level of deployment (IT/OT).
- By using firewalls, IDS, switchboards with VLAN, SIEM system and anti-malware, it is possible to assess the efficiency of traditional security measures for each type of attack.
- To provide security in a wider spectrum of situations, there is industrial network equipment of different brands and models.
- Training and skills acquisition in hacking, anti-malware and security administration:
- It is ever more important to be able to strengthen and update the skills acquired on courses and training programmes via effective training in the same. This Cyberlab enables work with attacks and defences at all levels of the pyramid of automation.
- The possibility of facing automatic adversaries, but above all real ones, enables the development of decision-making skills in environments under pressure, as well as the execution of rapid and flexible responses which adapt to every exercise put forward.
Demonstrations of topological or structural vulnerabilities:
- Through hypervisors and OpenFlow we obtain total control over the structure, making it more simple and economical to reconfigure, facilitating the replication of different network and system topologies.
- Once a network scheme and equipment similar to that of a hypothetical productive environment is deployed, tailor-made attacks can be designed and demonstrated, the better to reflect the real risks of the facilities.
- With this approach it is possible to carry out potentially damaging active attacks, avoiding any unforeseen impact on the productive system.
Tests of new devices and tools integrated in the Cyberlab:
- It is possible to carry out security program and device tests by means of the use of the cybersecurity laboratory, both defensive tools and ethical hacking tools, and to see their behaviour in an environment of a certain complexity, before passing on to market systems.
- The system provides ample datasets which carry out the groundtruth work and which have been obtained after carrying out the tests in an environment whose differential factor is the lack of testing tools. This also enables the homogenisation of tests and results, giving the results more reliability.