Reflections Nick - Paiet/Capstone GitHub Wiki

Week 02 Reflection

  • Accomplishments: Acquired half of the devices, reached out to Leahy Center for remaining devices, researched & wrote preliminary code for PLC programming.
  • Tasks Completed: Acquired half of the devices, contacted Leahy Center, researched & wrote code.
  • Issues: School unable to pay for remaining devices.
  • Solution: Reached out to Leahy Center for help.
  • Skills Acquired: LDL programming language.
  • Lessons Learned: Importance of acquiring the right cables & PLC for progress.
  • Thoughts for next week: Focus on acquiring necessary cables & PLC for project progress.

Week 03 Reflection

Tasks Worked On:

  • Identifying the requirements for securing and performing DFIR on ICS, including hardware and software components.
  • Sourcing and procuring ICS components.
  • Configuring and integrating ICS components such as PLCs, HMIs, and Power Supplies.

Issues Encountered and Addressed:

  • Issues sourcing ICS components.
  • Compatibility issues between different ICS components.
  • Limited understanding of ICS protocols and communication patterns.
  • Difficulty in configuring and integrating the ICS components.

Skills Acquired/Strengthened:

  • Knowledge and understanding of ICS architecture, protocols, and communication patterns.
  • Experience in setting up and configuring ICS components.
  • Improved technical skills in integrating different hardware and software components.

Lessons Learned:

  • The importance of thorough research and analysis in setting up an ICS.
  • The need for careful planning and testing to ensure proper functionality and scalability.
  • The significance of seeking expert advice and consulting relevant literature in addressing technical challenges.

Week 04 Reflection

Key Objectives for the Sprint: Summary of Accomplishments: We acquired the remaining devices for our Industrial Control System (ICS) network in this sprint. We were initially unable to purchase the devices ourselves, but we contacted the Leahy Center, and they agreed to purchase them for us. The devices are expected to arrive within the next week.

Tasks Worked On:

  • Research and identify the necessary devices for the ICS network.
  • Contact and negotiate with suppliers and vendors for the devices.
  • Seek alternative procurement solutions, such as contacting the Leahy Center.

Tasks Completed:

  • Acquired the remaining devices for the ICS network.

Issues Encountered and How Addressed:

  • Unable to purchase the devices ourselves.
  • Solved by contacting the Leahy Center and obtaining their agreement to purchase our devices.

Skills Acquired or Strengthened:

  • Knowledge of the LDL programming language.
  • Understanding of ICS protocols, communication patterns, and architecture.

Lessons Learned:

  • The importance of having a backup plan when procurement challenges arise.
  • The value of partnerships and collaborations in achieving project goals.

Thoughts/Ideas Impacting Next Week's Work:

  • The arrival of the devices is a crucial next step in our project, and we're awaiting them.
  • We will begin setting up the ICS network as soon as the devices arrive.
  • Research and identify the hardware and software components for the ICS network.
  • I'd appreciate it if you could purchase all required components and ensure they are received on time.
  • Establish a timeline for the setup of the ICS network.
  • Create a budget for the procurement and setup of the ICS network.
  • Research and select the best suppliers and vendors for the components.
  • Negotiate favorable prices and delivery times with suppliers and vendors.
  • Ensure that all components are compatible with each other and the ICS network.
  • Document all procurement and setup processes for future reference.

Week 05 Reflection

  • Accomplishments, Tasks Undertaken, and Tasks Completed
    • Delivery of the remaining devices
    • Acquisition of cabling materials
    • Initiated the setup process of our environment
  • Challenges Experienced and How They Were Addressed
    • Inadequate documentation on how to cable and set up the PLCs, which was overcome by reaching out to experts in the field and consulting online forums and resources to gather information and insights.
  • Acquired or Enhanced Skills and Lessons Learned
    • Proficiency in LDL programming language
    • Knowledge of ICS protocols, communication patterns, and system architecture
  • Thoughts and Ideas That May Influence the Next Phase of Capstone
    • The cabling process is critical in ensuring the entire system's functionality. It is a priority that you should complete as soon as possible. Also, documenting our processes and procedures as we work through the setup of our environment may be helpful for future reference and for sharing with others.

Week 06 Reflection

  • Accomplishments, Tasks Undertaken, and Tasks Completed
    • Worked with industrial professionals on solutions to our networking and wiring issues
    • Ordered solid copper core cables
    • Didn't burn down 194 :)
  • Challenges Experienced and How They Were Addressed
    • Our multimeter died on us, resulting in our inability to test the continuity of our wiring setup. We solved it by acquiring a new battery for it.
    • Power distribution issues that resulted from continuity issues causing a circuit breaker to trigger. We addressed this using a multimeter to test continuity when wiring to issue proper configuration.
  • Acquired or Enhanced Skills and Lessons Learned
    • Acquired knowledge in electrical wiring and QA testing using a multimeter
  • Thoughts and Ideas That May Influence the Next Phase of Capstone
    • We must work on wiring and writing code for each of our PLC's test processes.

Week 07 Reflection

Summary of accomplishments, tasks worked on, and tasks completed:

  • Researched security measures for industrial control systems
  • Created a risk management plan for industrial control systems
  • Identified potential vulnerabilities
  • Started developing a contingency plan in case of a security breach

Issues encountered and how you addressed them:

  • Difficulty finding reliable sources for information on security measures
  • Consulted with an advisor and used a combination of academic journals and industry publications to gather information

Skills acquired or strengthened and lessons learned:

  • Strengthened research skills
  • Learned about the importance of thorough risk management planning
  • Gained a deeper understanding of the potential consequences of a cyberattack on industrial control systems and the importance of developing contingency plans

Thoughts/ideas that may impact the next week of work on your Capstone:

  • Develop a comprehensive security plan for industrial control systems
  • Incorporate the risk management and contingency plans developed so far
  • Explore the potential use of artificial intelligence in detecting and preventing cyberattacks on industry

Week 08 Reflection

Summary of accomplishments, tasks worked on, and tasks completed:

  • Acquired help from an electrician from the physical plant
  • Started coding out our PLC systems

Issues encountered and addressed:

  • Lack of available documentation on how to cable and set up our PLCs
    • Relying on our own ICS system documentation for reference
  • Inability to copy and paste code into the PLC environment
    • Strengthened our skills and knowledge of Ladder Logic programming language
  • Acquired knowledge of ICS protocols, communication patterns, and architecture
  • Developed skills in quality assurance testing using a multimeter

Skills acquired or strengthened:

  • Ladder Logic programming language
  • Knowledge of ICS protocols, communication patterns, and architecture
  • Electrical wiring skills
  • Quality assurance testing using a multimeter

Thoughts/ideas for the next week of work:

  • Excited to continue coding our environment
  • Confident that the progress made in the past week has set a strong foundation for the work ahead

Week 09 Reflection

  • SPRING BREAK!

Week 10 Reflection

  • Overview of achievements, tasks undertaken, and tasks completed
    • Electrician assisted in wiring the power supply.
    • Continued programming the PLC.
  • Problems faced and solutions implemented
    • Scarcity of documentation for cabling and setting up PLCs. Creating our own ICS system setup guide could be helpful for future projects.
    • Inability to copy and paste code into the PLC environment.
  • Skills gained or improved and insights acquired
    • Proficiency in LDL programming language.
    • Understanding of ICS protocols, communication patterns, and architecture.
    • Knowledge and abilities in electrical wiring and multimeter-based quality assurance testing, including wiring various connector types.
  • Ideas or thoughts that might affect the upcoming week of Capstone work
    • Ongoing coding of the environment is the next step.

Final Reflection

Summary of accomplishments, tasks worked on, and tasks completed:

  • We acquired and set up all devices for our ICS project.
  • We learned ladder logic to code some of our devices.
  • We set up a C2 for communication and control.
  • We created an incident response playbook to handle potential security incidents.
  • We created documentation on how to cable our power supply and various aspects of building an ICS.

Issues encountered and how they were addressed:

  • We had issues acquiring our devices and got the Leahy Center to acquire half of them for us, and Automation Direct donated the other half.
  • We had difficulty cabling our power supply, so we acquired help from an electrician and created documentation for future projects.

Skills acquired or strengthened and lessons learned:

  • Ladder Logic (LDL) programming language.
  • Knowledge of ICS protocols, communication patterns, and architecture.
  • Knowledge and skills in electrical wiring and quality assurance testing using a multimeter. We learned how to wire different types of connectors.

What we learned and what we might have done differently:

  • We learned more documentation must be available to the public on how to set up ICS and even less on ICS security. Most, if not all, of the available documentation was created by the manufacturers of ICS systems, with minimal documentation or testing done by third-party organizations.
  • What we would have done differently is possibly making our group a 3-person team. Another thing would be materials acquisition; if we had acquired our materials earlier, we could have tested malware against our systems. This would have allowed us to better understand and address potential security vulnerabilities in our ICS setup.