ALSEC offers a practical laboratory for critical infrastructures of energy supply companies (EVU), which complies with the current cyber security specifications of the industry and contains all current technologies. It includes 6 substations connected to a central control system with SCADA. We make this practical lab available to a wide audience for practical solutions, integration and training and this can also be well adapted to other industries. It includes 6 substations with local SCADA and gateway, as well as the IED`s, a process simulator, the secondary supply and an intrusion detection system. The setup is prepared for process bus integration. A central control system SCADA is supplied with all data via gateways.
ALSEC-Lab-Services_2024.pdf [Only available in German]
IT/OT Trainings in a Lab Environment
- Know the structure and functionalities of a substation/power plant with all OT requirements.
- Understand the control and protection technology.
- In the expert course, you learn in-depth how to set up your critical infrastructure and get a deep practical insight into system integration
Introduction of New Technologies
- New technologies can be integrated, evaluated and tested in the lab.
- Verification as well as release of IT-OT components concerning authentication and authorization.
- Customers as well as suppliers of process bus systems of different technologies can be integrated, parameterized and tested.
Proof of Concept for Customer Products
- Ensuring customer requirements for tenders and proof of concept.
- Verification of customer solution through system integration.
- Proof of Concept execution with detailed report, final report and recommendation for the customer.
Intrusion Detection System (IDS)
- The participants know the application areas and technologies of IDS systems and know how to evaluate them.
- They know how an IDS system is integrated into your critical infrastructure and can detect and evaluate events.
- They understand the structure of a SOC and know the importance of a SIEM.
IT/OT Architecture for Substations/Power Plants
- The participants know the security requirements and respective standards of their industry
- They understand cyber security as well as OT requirements and know how to implement them in their own company.
- They know the importance of technical documentation for integration of the cyber measures.
Cyber Security Audits
- Understand the procedure and specifications of a security audit to be carried out in your company.
- Assessment of vulnerabilities and risks and their criticality.
- Knowledge of the security measures incl. evaluation and prioritization.
- Implementation and testing of the prioritized measures in the laboratory.
IT/OT Trainings in a Lab Environment
Introductory Training
Introduction to the structure of a substation/power plant, from the primary process to the data center or central control station. Familiarization with network layouts, IP concepts as well as firewall matrix. Introduction to critical infrastructures control and protection functions. Introduction to the protocols used by the OT. Basic training IEC61850, IEC60870-5-101/104, file transfer, time synchronization up to the authentication of the OT components via "Role-based Access Control.
Advanced Training
Interpretation of network layout, IP concepts, firewall matrix, "Role-based Access Control", and secure remote access in the lab. Testing of control functions on the local IED as well as on the local SCADA with interlocks and blocking. Testing of the protection functions in the laboratory.
Expert Training
Detailed overall view of the critical infrastructure substation/power plant. The importance of whitelist-blacklist, the implementation of a "Role-based Access Control" for OT components as well as the secure integration of a SCADA system. Calculation, parameterization and testing of network protection functions such as distance protection, reclosure and synchrocheck. IEC61850 system integration, IEC 60870-5-101/104 connections, IEC61850 SCADA & gateway integration as well as network traffic analysis.
Introduction of New Technologies
Network Technologies, VLAN Routed Goose
The lab is modular and supports the integration of new technologies and components, e.g. segmentation with VLANs or use of Routed Goose.
Integration Process Bus
The modular design of the laboratory supports IEC61850-9-2LE. The components are integrated, parameterized and tested in the laboratory.
RBAC Connection of OT Manufacturer Components
The connection of the IT and OT components for authentication as well as the integration of the customer RBAC concept can be parameterized and tested in the laboratory.
Proof of Concept for Customer Products
Execution of the Proof of Concept (PoC), Reporting, Final Report
Execution of a PoC physically in the laboratory. Verification of all specified and conceptual requirements. Reporting, final report and recommendation from the PoC.
Evaluate Specification of the Customer
Assist customers in developing specification and proof-of-concept solutions regarding OT/IT and Cyber Security requirements.
Integration of Customer Products in the Lab
Integration of customer solutions or supplier components in the laboratory.
Intrusion Detection System (IDS)
OT-SOC Setup, Connection to Central SIEM
Based on the corporate security strategy, the IDS system is connected to a central SIEM. The organizational structure of a SOC is shown and its scope of duties defined.
Cyber Monitoring
Presentation and integration of an IDS system in the laboratory. Evaluation and interpretation of alarms and events.
IDS Specification, Evaluation, Integration
Presentation of different intrusion detection systems, their field of application, technologies, integration as well as their advantages and disadvantages.
IT/OT Architecture for Substations/Power Plants
Training, Purdue, "Get-to-Know" the Lab
Introductory training of current security standards in alignment with national as well as international standards, such as VSE Basic Protection for Operational Technology, BSI, NIST, ISO as well as IEC specifications.
Network Lay-out, IP Concept, Network Segmentation,Firewall Matrix, Product Evaluation
Technical integration of security requirements on critical infrastructures. Demonstration of successive technical integration such as network layout, IP concept, segmentation, whitelist vs. blacklist up to firewall matrix.
Requirements Engineering for Critical Infrastructure Substation/Power Plant
From the corporate security strategy to the technical specification, all influences and factors are screened. This concerns the organization, processes and IT/OT requirements.
Cyber Security Audits
Implementation of the Measures in the Lab
The prioritized cyber measures are implemented in the practical laboratory. This is followed by a review and reassessment of the measures taken.
Define Security Measures
Based on the audit performed and the consideration of criticality as well as risk assessment, the participants will define the security measures as well as their priority in implementation.
Performing an ICT Standard Audit in the Lab
Practical execution of a security audit in the laboratory. Getting to know the procedure, the risk evaluation in comparison with the criticality.
