The ICS Testbed is a hardware platform for simulating industrial processes, making industrial control systems accessible for education and research purposes.
Written by Jacob Gelman
An industrial control system (ICS) is a specialized combination of hardware and software designed to control and monitor the operation of heavy machinery for industrial applications. At the core of industries like manufacturing, water treatment, and transportation, industrial control systems are the backbone of critical infrastructure; any disruption in these systems could have devastating consequences. As such, the main considerations in their design and implementation are stability and robustness. Since these requirements are immutable, they introduce unique challenges in the areas of education and research—particularly in cybersecurity research.
One of the key components in many industrial control systems is the programmable logic controller (PLC), a class of specialized computers suited for the safe and uninterrupted operation of industrial processes. At a high level, a PLC works as follows:
Sensors provide information about the state of the physical world to the PLC by measuring variables like temperature, pressure, or flow. The PLC applies its programmed logic to this information to determine what actions need to be taken to achieve the desired outcome in the physical world. Actuators, such as valves, motors, and pumps, are controlled by the PLC to execute these actions.
Unlike typical software systems that only require a standard computer, industrial control systems, which integrate computing with physical processes, depend on specialized hardware. Access to this hardware is often restricted due to its large size and high cost, creating significant barriers for those who wish to study and research these systems.
Ideally, researchers and developers would have access to a complete replica of a cyber-physical system for independent experimentation and testing. However, this is rarely practical due to the expenses and logistical difficulties involved. Moreover, errors or operational downtime in actual industrial environments can lead to severe financial losses or even injuries, making direct experimentation on these systems generally unfeasible.
I developed the ICS Testbed in response to these challenges with the goal of creating a flexible, easy-to-use platform to make industrial control systems more accessible for educational and research applications.
A testbed is a simplified and more affordable representation of a larger, more complex system, designed to be “good enough” to replicate key functionalities for specific applications. The primary purpose of a testbed is to provide a controlled environment where researchers and developers can experiment, validate designs, and conduct tests without needing access to the complete, often costly or logistically challenging, full-scale system. Testbeds are particularly valuable in scenarios where direct experimentation on real-world systems would be too risky or impractical.
Testbeds can take various forms, incorporating hardware, software, or a combination of both. In many cases, they use computer simulations to model hardware components that are impractical to include due to size or complexity.
The ICS Testbed uses a hybrid approach that combines a real programmable logic controller (PLC) with simulated sensors and actuators. This setup allows the PLC to be programmed exactly as it would be if it were interacting with actual sensors and actuators, using the same input/output (I/O) interfaces found in real-world applications. As a result, any PLC that meets the I/O requirements can be installed and operated within the testbed, regardless of its manufacturer.
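To make the split between controller and simulated process concrete, the sketch below runs the read-inputs, evaluate-logic, write-outputs cycle against a simulated tank. It is an added example, not the ICS Testbed's code: the tank model, the setpoints, and every name in it are assumptions, and a software function stands in for the real PLC.

```python
from dataclasses import dataclass

@dataclass
class TankPlant:
    """Simulated process (constructed model): one tank, inlet valve, constant drain."""
    level: float = 0.0         # litres
    capacity: float = 100.0    # litres
    inflow_rate: float = 5.0   # litres/s while the inlet valve is open
    drain_rate: float = 2.0    # litres/s, always draining
    valve_open: bool = False   # actuator state, written by the controller

    def read_level_sensor(self) -> float:
        return self.level

    def step(self, dt: float) -> None:
        # Advance the simulated physics by one time step, clamped to the tank.
        flow = (self.inflow_rate if self.valve_open else 0.0) - self.drain_rate
        self.level = min(self.capacity, max(0.0, self.level + flow * dt))

def plc_logic(level: float, valve_open: bool, low: float = 40.0, high: float = 60.0) -> bool:
    """Hysteresis control: open at or below `low`, close at or above `high`, else hold."""
    if level <= low:
        return True
    if level >= high:
        return False
    return valve_open

def run(seconds: float = 120.0, dt: float = 0.1):
    """Return a trace of (scan start time, level after the step, valve state)."""
    plant = TankPlant()
    trace = []
    for i in range(round(seconds / dt)):
        level = plant.read_level_sensor()                       # 1. read inputs
        plant.valve_open = plc_logic(level, plant.valve_open)   # 2. logic, 3. write outputs
        plant.step(dt)                                          # simulated process responds
        trace.append((i * dt, plant.level, plant.valve_open))
    return trace

def out_of_band(trace, lo: float, hi: float, settle: float = 25.0):
    """Samples after the initial fill whose level left [lo, hi]: a process invariant check."""
    return [s for s in trace if s[0] >= settle and not lo <= s[1] <= hi]

if __name__ == "__main__":
    trace = run()
    print(f"{len(trace)} scans, violations: {len(out_of_band(trace, 39.7, 60.4))}")
```

The band passed to `out_of_band` is wider than the setpoints by one scan's worth of flow, because the controller only reacts on the scan after a threshold is crossed.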
Just as the ICS Testbed is not limited to a specific type of programmable logic controller (PLC), it is also designed to be versatile in simulating a wide variety of industrial processes. I created the simulation engine to achieve an optimal balance between physical accuracy and computational performance, tailored to meet the specific needs of the testbed's intended use cases.
To evaluate the simulation engine's performance characteristics and demonstrate its capabilities, I designed and built a simulation for a three-tank process, a generic chemical process in which different fluids can be measured and mixed together. This process includes a variety of sensors, actuators, and structural components commonly used in analogous real-world processes:
In addition to the three-tank process discussed so far, the system also supports simulating several other types of processes, as shown below. Users can easily switch between simulations by pressing the “SELECT” button. These additional processes are more specialized than the three-tank process and are designed to represent real-world applications in military and manufacturing settings.
Switching between simulations does not require any hardware changes; only the PLC’s logic needs to be updated to correctly control the selected scenario. The system’s modular software architecture allows for the quick development of new simulation scenarios, which can be deployed through over-the-air (OTA) updates.