Building an OT Security Microgrid Testbed
Copyright (c) 2025 Gyebnár Gergő

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
The copyright to this article is transferred to the University of Public Service Budapest, Hungary (for U.S. government employees: to the extent transferable) effective if and when the article is accepted for publication. The copyright transfer covers the exclusive right to reproduce and distribute the article, including reprints, translations, photographic reproductions, microform, electronic form (offline, online) or any other reproductions of similar nature.
The author warrants that this contribution is original and that he/she has full power to make this grant. The author signs for and accepts responsibility for releasing this material on behalf of any and all co-authors.
An author may make an article published by University of Public Service available on a personal home page provided the source of the published article is cited and University of Public Service is mentioned as copyright holder.
Abstract
This paper introduces the development of an Operational Technology (OT) security microgrid testbed. The testbed is aligned with the IEC 62443 standard and structured to simulate and mitigate potential security risks within OT systems. It serves as a platform for evaluating cybersecurity strategies through test scenarios and cases, aimed at enhancing the resilience and responsiveness of OT environments to cyber threats. The work described here lays the foundational framework for subsequent research, focusing on cybersecurity measures, including MITRE ATT&CK-based methodologies and detection strategies using machine learning. This initial exploration emphasises the importance of creating a versatile, realistic testing environment to understand and address the unique security challenges faced by OT systems.