With the help of small-scale models, Télécom SudParis’s cybersecurity platform observes the consequences, both computer-related and material, of a cyber-attack on a physical system. Researchers thereby seek to better understand and appreciate these threats in order to improve critical infrastructure protection. The platform’s next challenge is to carry out these tests on a life-size scale, in order to develop simulations that are even closer to reality.
A small, automated remote-control car moves forward and backward at regular intervals, in front of a little cardboard wall. Jose Manuel Rubio Hernan, a post-doctoral researcher in the RST department (Telecommunication Networks and Services) at Télécom SudParis, handles it carefully. “I’m collecting data about its movement, its distance from the wall and its speed,” explains the researcher. At first glance, it seems to be a strange experiment for studying cybersecurity.
“The goal is then to simulate a cyberattack on the IT protocols controlling the vehicle and to see the resulting data. An attacker could send it incorrect information to change its speed or direction, while communicating false data that appears to be real data to the operator of the vehicle to avoid being detected.” In other words, the aim is to observe in detail how a cyberattack is carried out and what its consequences are, not only from an IT perspective but from a physical and material one as well, in order to better understand how to counter such attacks. All this is done in realistic conditions, with the help of robots and Lego MindStorms models (like the miniature trains pictured above) connected to a computer-controlled network.
“But to really test these cybersecurity processes, we need to scale up: that’s the next challenge for our platform,” adds Joaquin Garcia-Alfaro, research professor in the RST department, and member of the Cyber CNI chair at IMT*. “They may be realistic, but our simulations using models are programmed with a certain determinism. They lack the uncertainties of real life.”
Nevertheless, it would be difficult to ask a company like the SNCF, for example, to make real trains available to observe the results of a test collision caused by a cyberattack. “The benefit of models,” says Jose Manuel Rubio Hernan, “is that they make it possible to at once study real protocols and visualize the consequences on the physical portion in as close to real-life conditions as possible.”
Although simulating realistic situations is one of the primary strengths of the cybersecurity platform at Télécom SudParis, the expertise of its researchers and engineers extends much further.
The platform focuses in particular on the protection of “critical infrastructure.” This term refers to all areas which are likely to have an impact on everyone’s life, especially those managed by CNI Chair partners, such as EDF in energy, Orange for telecommunications and Airbus in air transport and aeronautics. This issue has been a worldwide concern since the WannaCry ransomware cyberattack crippled computer systems in British hospitals in May 2017.
“All too often, traditional cyberdefense strategies focus simply on protecting data and information provided,” explains Joaquin Garcia-Alfaro. “Our goal with the cybersecurity platform is to improve the protection of the system itself” – and more precisely, who monitors and controls it.
By using the network flow sorting properties of software-defined networks (SDN), researchers at the cybersecurity platform apply the safeguarding strategies of SCADA (Supervisory Control And Data Acquisition) technologies and remote monitoring and control. These technologies act as an intermediary between the IT layer and the physical layer within critical infrastructure systems.
“Of course, critical infrastructure operators will always have valid concerns about providing data, collected in real operational conditions, at the risk of revealing weaknesses or having it used for malicious purposes,” says the research professor. The solution is therefore to assure the cybersecurity platform’s partners that their data will be managed under close supervision.
Although progress is being made, the challenge of “scaling up” still remains.
*The Cyber CNI Chair (for Critical National Infrastructures) is led by IMT Atlantique, Télécom ParisTech and Télécom SudParis, with Airbus, Amossys, BNP Paribas, EDF, La Poste, Nokia, Orange, Société Générale and the Brittany Region as partners.