In today's world, the economic and political development of a society is achieved only through efficient vital infrastructures, including energy, water, information and communication technology, and banking, among others. A number of these infrastructures play a crucial role in the national interests of a country, and even a momentary disruption of their function can cause irreparable damage to a nation's economy, politics, and security.
One fundamental strategy for raising the security level of critical infrastructures is training experts in the field of cyber security and advancing science and technology in order to realize inherently secure industrial systems. These specialists in Information Technology and Control Engineering therefore need reliable knowledge.
With the direct support of the president of Khatam University, the Industrial Automation and Industrial Cyber-Security (ICS) Lab was founded in 2017 after meticulous studies. The laboratory was designed and launched under the supervision of a team of top specialists with the purpose of creating opportunities for sustainable development and training experts, with the aim of achieving outstanding feats in knowledge and technology development and meeting the national needs in the field of cyber security of industrial systems.
The purpose of improving the cyber security of the country's critical infrastructures lies at the heart of this laboratory. To this end, the following missions were set when launching this laboratory:
- Creating a platform for identifying and analyzing vulnerabilities in industrial systems and networks;
- Defining security requirements for industrial systems;
- Offering examples of secure architecture in industrial systems;
- Security evaluation of designs and equipment in industrial systems;
- Developing a cyber-physical platform based on simulation;
- Risk analysis in implementing security solutions in industrial systems (preventing adverse effects on accessibility or reliability);
- Identification and analysis of malware in the field of industrial systems.
In recent years, more than 5 Master's projects have been conducted in the Industrial Automation & Industrial Cyber-Security (ICS) Lab. In addition, for the first time in Iran, a 3-credit course on industrial automation and cyber security of industrial networks has been offered using the capabilities provided by this laboratory.
Research Activities and University-Industry Relations
So far, the most significant achievements of this laboratory regarding research projects and university-industry relations include:
- Designing and implementing Hardware-in-the-Loop (HIL) setups within physical platforms;
- Setting the context for conducting cyber exercises;
- Setting the context for assessing vulnerabilities, as well as researching and identifying new vulnerabilities in industrial systems;
- Setting the context for analyzing industrial malware;
- Analyzing and studying the vulnerabilities of Siemens equipment and verifying their key vulnerabilities;
- Security analysis of the Modbus protocol and verification of its vulnerabilities;
- Implementing and proving the functionality of new malware targeting Siemens products.
Significant Achievements Resulting from the Industrial Network Platform
- Implementation of a boiler-turbine simulation process, including six sensors and actuators and a total of nine control loops;
- Implementation of the Tennessee simulation process, including 53 sensors and actuators and a total of 18 control loops;
- A physical automation process for chemical processes;
- Support for the Profinet, Profibus, Modbus, and Industrial Ethernet protocols;
- Implementation of the most important functions of the control LAN networks currently used in critical infrastructures.
Significant Achievements Resulting from Vulnerability Identification & Analysis Platform
- Implementation has been completed with the aim of identifying and analyzing the major vulnerabilities of Siemens products and the Modbus protocol;
- For penetration of and access to the control LAN, possible exploitation of vulnerabilities in Siemens monitoring software has been studied and exploit code for its key cases has been written;
- For penetration of and access to the communication protocols of the control network, the vulnerabilities of the Modbus protocol have been analyzed and methods of exploiting them have been implemented;
- For penetration of and access to local controllers, possible exploitation of vulnerabilities in Siemens PLCs has been studied and exploit code for its key cases has been written;
- Based on these verified vulnerabilities, suitable experiments have been designed for training purposes.
Significant Achievements Resulting from Malware Detection and Analysis Platform
- The first phase of the implementation has been completed with the aim of providing a suitable platform to familiarize students, researchers, and industry experts with the harmful effects of malware infection, together with its analysis methods;
- A new sample malware targeting industrial systems has been designed in line with the laboratory's industrial network platform.