Lowering the Barriers to Industrial Control System Security with GRFICS

Despite the abundance of free online resources and increased research into innovative educational techniques, the shortage of cybersecurity skills in the workforce continues. The skills gap in the specific area of industrial control system (ICS) security is even more dismal due to the higher barriers to entry raised by the exclusive use of expensive, proprietary hardware and software and the inherent dangers of manipulating real physical processes. To help beginners in ICS security overcome these barriers to entry we developed a graphical realism framework for industrial control simulations (GRFICS). GRFICS virtualizes entire ICS networks, from the operator interface down to realistic simulations of the physical process visualized in a 3D game engine. Using this framework, students can practice exploiting common ICS vulnerabilities and vividly see the physical impact in the visualization of the process. After gaining a better appreciation of the close relationship between the cyber and the physical worlds in ICS networks, students can then practice hardening the network against such attacks. This free and open-source framework can be used as the basis for formal classroom instruction, ICS-specific CTF competitions, or for independent study.