Combining an Emulab-based testbed with real-time software simulators, EPIC takes a novel approach to
cybersecurity studies involving multiple heterogeneous NCIs. EPIC can be
viewed as an instance of a new class of
testbeds—suitable for assessing cyberthreats against physical infrastructures. It supports interesting studies
in many interdependent critical infrastructure sectors with heterogeneous
systems (such as transportation, chemical manufacturing, and power grids);
to explore several, see http://ipsc.jrc.
1. Bell, R. and Åström, K. Dynamic Models for Boiler-Turbine Alternator Units: Data Logs and Parameter
Estimation for a 160MW Unit. Technical Report
TFRT–3192. Lund Institute of Technology, Lund,
2. Benzel, T., Braden, R., Kim, D., Neuman, C., Joseph, A.,
Sklower, K., Ostrenga, R., and Schwab, S. Experience
with DETER: A testbed for security research.
In Proceedings of the International Conference
on Testbeds and Research Infrastructures for
the Development of Networks and Communities
(Barcelona, Mar. 1–3). IEEE, New York, 2006,
3. Bergman, D.C., Jin, D., Nicol, D.M., and Yardley, T.
The virtual power system testbed and inter-testbed
integration. In Proceedings of the Second Conference on
Cyber Security Experimentation and Test (Montreal, Aug.
10–14). USENIX Association, Berkeley, CA, 2009, 5–5.
4. Bobbio, A., Bonanni, G., Ciancamerla, E., Clemente,
R., Iacomini, A., Minichino, M., Scarlatti, A., Terruggia,
R., and Zendri, E. Unavailability of critical SCADA
communication links interconnecting a power grid and
a telco network. Reliability Engineering and System
Safety 95, 12 (Dec. 2010), 1345–1357.
5. Charette, R. IT Hiccups of the week: Southwest
Airlines computer failure grounded all flights. IEEE
Spectrum Risk Factor Blog (June 2013); http://
6. Chen, T. and Abu-Nimeh, S. Lessons from Stuxnet.
Computer 44, 4 (Apr. 2011), 91–93.
7. Chertov, R., Fahmy, S., and Shroff, N.B. Fidelity of
network simulation and emulation: A case study
of TCP-targeted denial-of-service attacks. ACM
Transactions on Modeling and Computer Simulation
19, 1 (Jan. 2009), 4:1–4:29.
8. Chunlei, W., Lan, F., and Yiqi, D. A simulation
environment for SCADA security analysis and
assessment. In Proceedings of the 2010 International
Conference on Measuring Technology and
Mechatronics Automation (Changsha City, China, Mar.
13–14). IEEE, New York, 2010, 342–347.
9. Downs, J. and Vogel, E. A plantwide industrial process
control problem. Computers & Chemical Engineering
17, 3 (Mar. 1993), 245–255.
10. Duggan, D. Penetration Testing of Industrial Control
Systems. Technical Report SAND2005-2846P. Sandia
National Laboratories, Albuquerque, NM, 2005.
11. Hahn, A., Ashok, A., Sridhar, S., and Govindarasu, M.
Cyber-physical security testbeds: Architecture,
application, and evaluation for smart grid. IEEE
Transactions on the Smart Grid 4, 2 (June 2013), 847–855.
12. IBM and Cisco. Cisco and IBM provide high-voltage grid operator with increased reliability and
manageability of its telecommunication infrastructure.
IBM Case Studies, 2007; https://www.cisco.com/
13. Manera, M. and Marzullo, A. Modelling the load curve
of aggregate electricity consumption using principal
components. Environmental Modeling Software 20, 11
(Nov. 2005), 1389–1400.
14. McDonald, M.J., Mulder, J., Richardson, B.T., Cassidy,
R.H., Chavez, A., Pattengale, N.D., Pollock, G.M., Urrea,
J.M., Schwartz, M.D., Atkins, W.D., and Halbgewachs,
R.D. Modeling and Simulation for Cyber-Physical
System Security Research, Development, and
Applications. Technical Report SAND2010-0568.
Sandia National Laboratories, Albuquerque, NM, 2010.
15. Nai Fovino, I., Masera, M., Guidi, L., and Carpi, G.
An experimental platform for assessing SCADA
vulnerabilities and countermeasures in power plants.
In Proceedings of the Third Conference on Human
System Interactions (Rzeszow, Poland, May 13–15).
IEEE, New York, 2010, 679–686.
16. Nan, C., Eusgeld, I., and Kröger, W. Analyzing
vulnerabilities between SCADA system and SUC due
to interdependencies. Reliability Engineering & System
Safety 113 (May 2013), 76–93.
17. Queiroz, C., Mahmood, A., and Tari, Z. SCADASim: A
framework for building SCADA simulations. IEEE
Transactions on Smart Grid 2, 4 (Sept. 2011), 589–597.
18. Ríos, M.A. and Ramos, G. Power system modelling for
urban mass-transportation systems. In Infrastructure
Design, Signaling and Security in Railway. InTech,
Rijeka, Croatia, 2012, 179–202.
19. RIPE Network Coordination Centre. YouTube Hijacking:
A RIPE NCC RIS Case Study, 2008; http://www.ripe.
20. Siaterlis, C., Garcia, A., and Genge, B. On the use
of Emulab testbeds for scientifically rigorous
experiments. IEEE Communications Surveys and
Tutorials 15, 2 (Second Quarter 2013), 929–942.
21. Tuan, T., Fandino, J., Hadjsaid, N., Sabonnadiere, J.,
and Vu, H. Emergency load shedding to avoid risks of
voltage instability using indicators. IEEE Transactions
on Power Systems 9, 1 (Feb. 1994), 341–351.
22. University of Washington. Power Systems Test Case
Archive. Electrical Engineering Department, Seattle,
23. U.S. Department of Energy. National SCADA Test Bed.
Washington, D.C., 2009; http://energy.gov/sites/prod/
24. White, B., Lepreau, J., Stoller, L., Ricci, R., Guruprasad,
S., Newbold, M., Hibler, M., Barb, C., and Joglekar,
A. An integrated experimental environment for
distributed systems and networks. In Proceedings of
the Fifth Symposium on Operating Systems Design
and Implementation (Boston, Dec. 9–11). USENIX
Association, Berkeley, CA, 2002, 255–270.
25. Yardley, T., Berthier, R., Nicol, D., and Sanders, W.
Smart grid protocol testing through cyber-physical
testbeds. In Proceedings of the Fourth IEEE PES
Innovative Smart Grid Technologies Conference
(Washington, D.C., Feb. 24–27). IEEE Power and
Energy Society, NJ, 2013, 1–6.
Christos Siaterlis (firstname.lastname@example.org)
is a project officer in the Institute for the Protection and
Security of the Citizen of the European Commission’s Joint
Research Centre, Ispra, Italy.
Béla Genge (email@example.com) is a Marie Curie
postdoctoral fellow and a member of the Informatics
Department at Petru Maior University of Tîrgu Mureş,
© 2014 ACM 0001-0782/14/06 $15.00
the cyber-physical testbed through
real physical devices, assuming it is
feasible, economically cost effective,
A look at reality. Most telecom
operators limit the interference between separate VPNs; for example,
with deployment of quality of service
(QoS) in the MPLS network an attack
on the public Internet barely affects
the private traffic of other telecom
customers. We validated this claim
by running our EMS-related experiment after activating QoS with packet
prioritization (a feature also used to
implement packet prioritization in
industrial communications) in the
MPLS cloud. The only measurable
effect was a slight increase of packet
round-trip times (by 1ms–2ms), a
tolerable delay if we apply the IEEE
1646-2004 standard for communication delays in substation automation,
meaning high-speed messages must
be delivered in the 2ms–10ms range.
However, such measures, delivered through policies and regulation,
are not compulsory. Our EMS-related
experiment demonstrated the severe
risk if the measures are not implemented, highlighting the potential
effect of ICT disruption on a range
of physical systems. Moreover, by designing and conducting experiments
based on real incidents we were
able to explore a number of what-if
scenarios. For example, we investigated a 2004 incident that affected
Rome’s remotely controlled power
grid managed through a public telecommunications network [4]. Communications between remote sites were
disrupted due to a broken water pipe
flooding the server room of a telecom operator, short-circuiting critical hardware. Power-grid operators
were unable to monitor or control
the remote site. Fortunately, none
of the disturbances was harmful, so
the grid was stable. Nevertheless, as
shown in our experiments on EPIC, a
change in the balance between generated and consumed energy would
have serious consequences on the
electrical grid. In Rome, with a population of 2.5 million in 2004, it could
have caused blackouts throughout
the city and affected other critical infrastructure (such as transportation
and health care).