Lowering the Barriers to Industrial Control System Security with GRFICS


David Formby, Georgia Institute of Technology and Fortiphyd Logic; Milad Rad, Georgia Institute of Technology; Raheem Beyah, Georgia Institute of Technology and Fortiphyd Logic


Despite the abundance of free online resources and increased research into innovative educational techniques, the shortage of cybersecurity skills in the workforce continues. The skills gap in the specific area of industrial control system (ICS) security is even more dismal due to the higher barriers to entry raised by the exclusive use of expensive, proprietary hardware and software and the inherent dangers of manipulating real physical processes. To help beginners in ICS security overcome these barriers to entry we developed a graphical realism framework for industrial control simulations (GRFICS). GRFICS virtualizes entire ICS networks, from the operator interface down to realistic simulations of the physical process visualized in a 3D game engine. Using this framework, students can practice exploiting common ICS vulnerabilities and vividly see the physical impact in the visualization of the process. After gaining a better appreciation of the close relationship between the cyber and the physical worlds in ICS networks, students can then practice hardening the network against such attacks. This free and open-source framework can be used as the basis for formal classroom instruction, ICS-specific CTF competitions, or for independent study.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {219740,
author = {David Formby and Milad Rad and Raheem Beyah},
title = {Lowering the Barriers to Industrial Control System Security with {GRFICS}},
booktitle = {2018 USENIX Workshop on Advances in Security Education (ASE 18)},
year = {2018},
address = {Baltimore, MD},
url = {https://www.usenix.org/conference/ase18/presentation/formby},
publisher = {USENIX Association},
month = aug