ADSC creates platform for cybersecurity research


Cassandra Smith

Fighting against cyberattacks is at the forefront of many research expeditions, especially regarding critical infrastructures such as power grids and water treatment plants. However, a common issue is not having a way to experiment with attacks in a hands-on way. 

“In order to conduct cyberattack/defense experiments for quantitative evaluation, the ideal way would be to utilize the real system infrastructure,” said ADSC Principal Research Scientist Diasuke Mashima. “However, with critical infrastructure, because of the potential negative impact on stability and availability of essential lifeline services, it is almost impossible.”  

A second option would be using an isolated testbed using real devices and hardware, but there are limits such as cost and accessibility. "To overcome such challenges virtual, software-based testbed[s] (I.e., cyber range) [have] been attracting interest. However, many [implementations have been] one-off and proprietary, and thus are not available to [the] public,” Mashima said. 

Illinois at Singapore (ADSC) is creating a way for researchers to conduct their experiments through a smart grid cyber range. “The project aims at developing a user-friendly, cloud-based framework to help users to instantiate smart grid cyber range and conduct cyber attack experiments with minimal effort,” said Mashima. This testbed would allow training without expensive development and maintenance or in-depth domain knowledge. 

“The Cyber Range as a Service (CRaaS) framework to be developed is expected to enhance flexibility, usability, and accessibility of cyber range for broader user base,” said Mashima. 

ADSC created the smart grid cyber range modelling language, SG-ML, in addition to a toolchain for processing it. “These are the building blocks for this project, and we will extend the SG-ML framework to establish a novel, additional service for NCL [National Cybersecurity R&D Laboratory] so that users can upload the model to be instantiated on the NCL nodes as well as interact with the cyber range for various experiments,” said Mashima. 

They are also developing a way for users to know how hackers operate outside of the lab using a “honeypot.” “...its purpose is to attract real-world attackers into it to collect information about them,” said Mashima. “We plan to use the data collected from our honeypot to develop a cyber-attack emulator tool so that the user of cyber range can easily reproduce real-world cyber-attacks for their experiments.”