Faking a Factory: Creating and Operating a Realistic Honeypot

Automatic TRANSCRIPT

I want to touch on the set up of the honeypot first. So as you were alluding to at your presentation, one of the reasons for behind pod is to understand the kind of attackers that would be interested in manufacturing facility to compromise it. So can you tell us how you set up the ICS components industrial control systems components like the hitch? The robotics workstation and try to make it as realistic as possible. So we went through we we already had four different PLC's we've used for other projects, and so we took those sees initially we were going to try and create the logic. I. But we found out is that it was actually a lot easier for us to go through and create the h. m. i.. So he went through a couple of of what our factory should be. and. We decided that we would go with a prototyping factory and the reason for that is that we could make changes on the fly would be a little bit easier instead of only making one type of part, they're pretty much always going to have the same setup. So we wanted something that was a little bit flexible so that if we went through and made changes, it wouldn't. Be, unusual. So we took our pile sees a connected them into an HMO for the. We just started dropping in some different components of what we thought would be at a prototyping facility, and that included a like a hopper or a container for our product. Basically, it was plastics, and then that would feed into a process heater that would heat up the material that would then go through an extruder and that would essentially similar to like a three D. printer or a an injection moulding print out the product, and then it would go off to a conveyor belt essentially and then get shipped out. So we had the appeal see we had different peels for different components. One of the components that one of the PC's was for the agitator in the tank as well as one of. The pumps. So the product would flow out of the tank using the agitator and then get pumped into the process that was essentially one of our PC's we had another one map for the process heater. Then another one map for the stronger and conveyor belts, and then a final one for the politics and the traffic I challenge I was just GonNa say listen I'm not too familiar with industrial countries. Can you explain what Piazzi is and what Tim is So An H. M. I is basically just a graphical interface. So when a switch on appeal see is turned on or off, usually control that through the Hmo I, just really interface, it can do other things but the primary function of the. Our human machine interface is a graphical user interface. Essentially, the L. sees a parable logic controller it can be set up in a number of ways, but typically you have logic on the device you have inputs and. Output S-. So one of the inputs might be a temperature sensor another, which could be the RPM from a motor. The outputs can be as simple as an honor offs function to turn on and off the process heater or the conveyor belt could also be something that you would use to increase or decrease the temperature of the process heater the PAC controls through. I O ports it has logic in there so that you can automatically perform functions. So if the temperature goes above five hundred degrees Fahrenheit than the PLC would automatically turn that down to four hundred fifty degrees Fahrenheit. For instance, you can set preconditions within the appeal see, and then you can also perform other demands that are remotely done through something like the. HMO. So you have fall components in your sat out, you have the agitator, the burner, the conveyor about and polite tyler, and you have a POC inter phasing with each of these components to allow the operator to adjust to operate at the components. So mostly for monitoring some some of it was for turning the process on and off, and so they it they. Had A bunch of different or a few different functions primarily turning it off and on and monitoring while the actual PLC's and we use some kind of pseudo logic in there to make it look realistic although they weren't actually connected to a real conveyor belt they weren't connected to a real prosecutor. So we simulated some of that data. So how long did it take for your team to come out with this design including the logic in the PRC's? Once. We had kind of settled on what our business was. We took about two weeks to get all of the the. All of the logic setup up that included setting up all the monitoring and all the other pieces as well, and you also have robotics on his well. Yes. So that was a simulated by one of the PLC's we didn't have a real robotic arm we did have a robotics work station. Bats some software on there, but it didn't control anything. So the way that you exposed visit a net is by the time I and also the PIC's as well. Correct. So initially, we had exposed the the robotics work station and all of the Piel sees and we did that using VNC on view only after a while we weren't really seeing anything so. We exposed with on VNC using read and write, and that's when we started getting more attacks and how is this setup different from your previous research where you were looking where research water system and the gas monitoring system I think initially on those that they had just kind of exposed certain ports in certain services online that were common I, think with the. Confident it was common to a gas station setup. This one was a lot more interactive. It required a bit more monitoring a day to day basis the other projects we were just able to collect logs whereas this one, we were actually monitoring what people were doing on our system by doing video recordings and stuff like

Coming up next