ColorTokens OT-in-a-Box: From Concept to Completion – Source: securityboulevard.com

This year, we had a fantastic time meeting attendees, partners, friends, and customers at the RSA Conference Expo floor. You probably noticed this contraption attached to our coffee machine if you stopped by our booth for coffee. What was this, and how did it come to be? And what was it doing at the booth? We answer all your questions here!

We were discussing our booth concept earlier this year, and I noticed that we had a coffee bar adjacent to the presentation area. We have always wanted to showcase our capability to protect OT and IoT devices, and the coffee machine sparked the idea of creating a demonstration platform around it.

Thus, the idea of creating a miniature operational technology network with some PLCs, an HMI, a SCADA server, and networking components was born. ColorTokens Xshield would protect the network with a DIN-mounted Gatekeeper that provides network visibility and policy enforcement for the PLCs and HMI.

I drew a rough network sketch to identify the components needed and develop a hardware bill of materials. I selected components available in our lab and identified low-cost PLCs and a 5″ touchscreen HMI. A Raspberry Pi 5 would serve as a SCADA server.

For the second year in a row, I planned to conduct a Jeopardy-style capture-the-flag contest at our booth, and I decided to include some hardware and OT-related challenges. I added a Wi-Fi access point to allow participants access to the network. I planned to turn off the SSID beacon and have the CTF participants find and scan a QR code to discover it. I planned to hide the Wi-Fi password in an NFC tag affixed to the Raspberry Pi. As it turned out, our CTF participants loved this part of the contest!

Now, back to the construction. There were a few critical requirements. First, it had to be portable and not too heavy – I figured I might have to carry it for a few blocks from a parking lot to the Moscone Center. A metal cabinet was my first choice, but a 24″ x 24″ x 8″ steel cabinet weighed about 45 lbs, so I opted instead for a home-built wooden cabinet with a 24″ x 24″ x ½” plywood back and 5″ x ¾” redwood planks cut to size.

I started the assembly by mounting the DIN rails and several raceways on the painted plywood back. All line-powered AC devices, like the power supplies, relays, and circuit breaker, would stay at the bottom of the box along with the ColorTokens Gatekeeper. The PLCs and SCADA would go in the middle tier, and the HMI at the top. The HMI would then be at eye level for the average adult. The networking gear would go on the left.

Here’s a photograph of most of the components mounted and undergoing some testing of the network so far. Programmable Logic Controllers (PLCs) are the brains behind industrial automation, and I wanted a couple of low-cost devices with Ethernet interfaces. I chose Click Plus PLCs from Automation Direct based on a recommendation by Mike Holcomb when I met him at DEF CON 32 last year. These PLCs are budget-friendly and very versatile, and Automation Direct provides free ladder programming software. They lack some of the more advanced features found in PLCs by Siemens, Rockwell Automation/Allen-Bradley, etc., but are more than adequate for demo systems. I found a DIN-mount enclosure for the Raspberry Pi 5 and installed all the controller systems on the middle rail.

The 8-port Netgear switch was from our lab stock and went on the left side of the box. A pair of DIN-rail power supplies provide 24V and 48V DC to the various components and make up the bottom rail, along with a circuit breaker, relay, and a power outlet for the coffee machine.

I then installed a PoE-powered wireless access point at the top left corner for participant access. The HMI is a C-More CM5-series, also from Automation Direct. Its compact size and free programming software make it especially appealing for demo systems. I had to design and 3D-print an enclosure for it, as it is usually mounted in a panel enclosure, not on a flat piece of plywood!

I mounted a 3-color light tower on the right side and connected each lamp to an output driver on a PLC. The Click Plus PLC has a unique drum sequencer component that makes it very easy to create any flashing light sequence, and I intended to use this to simulate an industrial process.

The picture below shows the final assembled system, thoroughly tested and ready for the demo floor at the RSA Conference Expo!

The system is connected to the Internet, allowing the Gatekeeper to communicate with the SaaS-based Xshield console. We can deploy the ColorTokens Xshield console as an on-premises solution, but the SaaS-based deployment was more straightforward to integrate into the CTF contest. The little router at the bottom left of the box is a device from MikroTik. At under $60, this is hands down the most affordable and hackable router I’ve ever seen. This router connects to the RSA Conference wired network and isolates the OT lab from other hackers on the floor!

So, how did we use this at the show? The system represented a coffee-making enterprise with one PLC controlling the roasting equipment (simulated by the light tower) and another controlling the brewing equipment (a real Keurig coffee machine!). The SCADA server runs the roasting equipment hourly and turns the coffee machine on in the morning and off at night. The HMI provides local control over both systems. The addition of the ColorTokens Gatekeeper and the Xshield solution enabled our enterprise to become breach ready. What does this mean?

Imagine an adversary gaining access to the network and compromising the SCADA server, which is, after all, running a commercial off-the-shelf operating system. With ColorTokens Xshield, you can effortlessly isolate the microsegment containing the PLCs and HMI from the rest of the network. Isolating the business-critical portions of the network ensures that we do not disrupt our revenue-generating, coffee-serving operation even amid a cyberattack.

The OT-in-a-Box lab is now back from the show and greeting visitors at our office in San Jose!

If you want to know more about OT security and how ColorTokens can help, please reach out to us at colortokens.com/contact-us

The post ColorTokens OT-in-a-Box: From Concept to Completion appeared first on ColorTokens.

*** This is a Security Bloggers Network syndicated blog from ColorTokens authored by Venky Raju. Read the original post at: https://colortokens.com/blogs/ot-security-industrial-setup/