G-ICS : Green-Er Industrial System Sandbox - Interview with Stéphane Mocanu
Jan 31, 2020 14:30
G stands for “Green-Er”, because we are here in the Green-Er building in Grenoble, and ICS stands for “Industrial Control System Sandbox”. G-ICS is a sandbox for cybersecurity tests and for learning command-and-control supervision systems. Actually a bit more. The physical processes are simulated but we do use the real command-and-control equipment: this is a platform for industrial automation and supervision of industrial systems. Yes. It is a teaching and research platform: on the teaching side, it is mainly for learning industrial supervision and communication protocols. On the research side, it is a cybersecurity demonstrator of industrial systems and also a test platform: it is used for intrusion tests and for the validation of intrusion detection systems (IDS). We stay at a relatively simple level because the goal is not to reproduce the exact dynamics of industrial systems, but rather to get a significant enough complexity and an event-driven simulation of industrial systems.
01:56 - More flexibility, because we are not limited to a single specific industrial process. We are able to model almost any industrial process. We are also able to model electrical distribution networks: we can use protection and command-and-control equipment for electrical distribution networks. More generally, we can model almost any type of process. We did not go for full virtualization because we wanted to keep the real command-and-control equipment. The cybersecurity of industrial systems must be studied on very specific equipment with very specific operating systems and, I would even say, very specific models of the equipment. The key to the system is the electronic interface card between a computer simulation - here a commercial industrial system simulation software - and the controller (PLC) I/O cards. It is a card that allows remote sending of process variables, which will send electrical signals to the input cards of the PLC, will retrieve the outputs from the PLC, and will send them back to the computer simulation.
03:31 - We call “Hardware in the loop” the simulation solution where we associate the computer simulation with the real command-and-control equipment through the electronic interface. Yes. Everything related to the electronic interface cards, i.e. the cards' manufacturing files, embedded software and the communication protocol specifications, everything is open source, on the INRIA forge. The platform covers the main manufacturers that are found today on the French market and we have communication cards that cover a good twenty, maybe even more, industrial protocols. It is a simulation visualized with a commercial software, which is very good in terms of animation.
04:30 - It simulates a very simple process for sorting packages. As you can see, the process detects small packages and large packages. What is interesting is that the command is implemented on a real industrial controller coupled with a supervision screen which shows the current state of the process, all thanks to the communication with the electronic card, which will retrieve the software variables and will inject them into the inputs of the controller. The research was mainly focused on the detection of intrusion in industrial processes, therefore attacks that target the security properties of physical processes. There were 2 PhD theses which carried out their experimental part on the platform: one PhD on industrial automation systems, and a second PhD on the cybersecurity of electrical distribution network substations (protocol IEC 61850). Yes, we can visualize the effects of an attack, we can also visualize the effects of the interaction with the supervision directly on the process. Above all, do not hesitate to replicate the Hardware-in-the-loop simulation system. You can download the manufacturing file and test the card!