PROGRAM NUCLEU SMARTIC 2019 - 2022 / Cybernetic polygon for industrial control systems – ROCYRAN

Poligon cibernetic pentru sisteme de control industrial – ROCYRAN

Project Coordinator: Dr. Carmen Elena CÎRNU – Scientific Researcher II

Overall objectives of the project

  • developing the ability to provide specialized training for IT specialists in public institutions that use automatic command-control systems;
  • development of a research component in the issue of cyber polygons in Romania.

Project description

Given that automated command-control systems monitor and control processes in a diversity of worldwide critical industries and infrastructures (energy production, transport and distribution, water distribution and wastewater treatment processes, agriculture, processing food and chemicals, etc.), effective protection against cyber threats is tantamount to protecting these essential infrastructures from disruption, material damage and / or financial loss. An extremely useful tool for the training of the competent human resource in this field is cyber range, respectively a virtual cybernetic training polygon, which we will further refer to as cybernetic polygon.

Such a facility is intended for IT professionals, who can learn to identify vulnerabilities in information systems and can imagine solutions to prevent risks in an automated and controlled environment. These trainings aim to develop the skills to counter cyber threats in the real world.

The cyber polygon is a virtual environment that can be used not only for training in cyber security and for developing the skills needed for cyber security, but also for experiments and related developments in cybersecurity.

Results

  • technological study necessary for the realization of the cyber polygon;
  • workshop dedicated to technological innovation in the field of cyber polygon;
  • SCADA specialized training module;
  • procedure for using the cyber polygon;
  • pilot series designed to train operators of industrial control systems;
  • occupation introduced in COR code;
  • SCADA pen-test to detect system vulnerabilities
  • proposal for a new professional standard for cybersecurity specialists of SCADA systems;
  • report - description of all tests performed;
  • list of identified vulnerabilities, in order of severity and probability of use;
  • list of recommendations for fixing vulnerabilities, including changes in equipment configuration and settings, use of protection mechanisms and installation of necessary software updates, or changes to system usage policies, procedures, and processes;
  • threat model detailing the practical impact if hackers exploited the identified critical vulnerabilities.
Short description

Given that automated command-control systems monitor and control processes in a diversity of worldwide critical industries and infrastructures (energy production, transport and distribution, water distribution and wastewater treatment processes, agriculture, processing food and chemicals, etc.), effective protection against cyber threats is tantamount to protecting these essential infrastructures from disruption, material damage and / or financial loss.