4 CONCLUSION - d0ntblink/ICS_Vuln_LAB GitHub Wiki

4.1 LESSONS LEARNED

Our team developed a simple IACS network into an advanced network that addresses the vulnerabilities found in the risk assessment, following ISA/IEC 62443 guidelines. We also conducted a penetration test, created countermeasures, and added security appliances. We tried to apply the knowledge gained in the INCS program, such as industrial network analysis. We started by creating core milestones that cover the project requirements to keep us all on track.

4.1.1 WBS (Work Breakdown Structure) and Project Schedule Network Diagram

We created a project proposal which includes a WBS and a Project Schedule Network Diagram. A WBS is part of the planning process that shows the decomposition of the project. We assigned high-level tasks and then broke them into smaller and simpler tasks. By creating a WBS, we learned how to create and plan a realistic schedule. Each teammate had a broad idea of the project, but the WBS helped us specify the overall scope and get on the same page. After building the WBS, we created a Project Schedule Network Diagram based on the milestones. This diagram shows the logical relationships between project activities and is used to identify the critical path. We learned how to determine the dependencies of the tasks and the duration of each task and of the whole project. During the project, we faced a few delays and misunderstandings of the concepts. However, we overcame them by checking the diagram and adjusting expectations.

4.1.2 Developing IACS Network

Most of the time, we used virtual interfaces and communication applications to build the network system and to share and discuss ideas. We chose VMware to build the network and downloaded installation images such as Kubuntu and Windows Server 2019. We learned how to install each machine, manage virtual network adapters, and configure each system. By adding security appliances, we also came to understand the connections between the machines and the tools used to monitor their traffic. To build a secure network that can protect the assets of the company, we added security appliances. First, we added two pfSense firewalls, one in the IDMZ and one in the Industrial Zone, and created firewall rules to block or allow traffic. Next, we added two SIEMs to support threat detection and security incident management. Security Onion provides IDS, security monitoring, and log management. Splunk specializes in log analysis and alerting, and served as the analysis tool for the honeypot. Finally, the Windows Server 2019 Domain Controller simplifies administration of multiple workstations and manages the user accounts.

4.1.3 Network Assessment and Penetration System

First, we started the network assessment by identifying assets, and then defined zones and conduits to perform network segmentation. We also defined the foundational requirements associated with each security level. We learned the importance of the network assessment because it was the basis of the advanced network with its extra security features. We tried to cover all the vulnerabilities identified in the network assessment, and this led us to build a more secure network system. After identifying the vulnerabilities of the network system, we specified firewall rules, added server roles, and created groups and users.

4.2 TECHNICAL OUTCOMES

We started by building an initial network environment using the sample network. We installed virtual machines in VMware and ensured connectivity between them using virtual network adapters. Next, we performed a network assessment to identify the vulnerabilities of the network system, and created countermeasures such as Security Onion and an IACS-specific honeypot. We also performed a penetration test based on the social engineering vulnerabilities. After building and upgrading the network, we visited the INCS lab to test the network system. We confirmed that our advanced network with security appliances works as intended. For example, the firewall successfully blocked unintended traffic, and the IDMZ blocked direct connections between the IT and OT networks.
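The IDMZ check described above can be expressed as a small policy verifier. This is an added example, not code from the project wiki: the subnets and the pfSense-style rule list are constructed, and the functions `evaluate` and `direct_it_ot_rules` are hypothetical helpers that model first-match rule evaluation with an implicit deny and flag any rule that would let IT and OT talk without passing through the IDMZ.

```python
import ipaddress

# Constructed zone addressing; the project's real subnets are not on the page.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/24"),
    "IDMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT": ipaddress.ip_network("10.30.0.0/24"),
}

# Constructed rules in a pfSense-like shape: (action, src, dst, proto, dport).
# Rules are evaluated top-down; the first match wins and an implicit deny follows.
RULES = [
    ("pass", "10.10.0.0/24", "10.20.0.10/32", "tcp", 443),   # IT -> IDMZ jump host
    ("pass", "10.20.0.10/32", "10.30.0.0/24", "tcp", 3389),  # jump host -> OT RDP
    ("pass", "10.30.0.0/24", "10.20.0.20/32", "udp", 514),   # OT syslog -> IDMZ collector
]


def zone_of(ip):
    """Map an address (or network address) to the zone that contains it."""
    addr = ipaddress.ip_address(str(ip))
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def evaluate(rules, src, dst, proto, dport):
    """First-match evaluation: return the matching rule's action, else 'block'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rsrc, rdst, rproto, rport in rules:
        if (s in ipaddress.ip_network(rsrc) and d in ipaddress.ip_network(rdst)
                and rproto == proto and rport == dport):
            return action
    return "block"


def direct_it_ot_rules(rules):
    """Return pass rules whose endpoints sit in IT and OT directly, bypassing the IDMZ."""
    bad = []
    for rule in rules:
        action, rsrc, rdst, *_ = rule
        if action != "pass":
            continue
        zs = zone_of(ipaddress.ip_network(rsrc).network_address)
        zd = zone_of(ipaddress.ip_network(rdst).network_address)
        if {zs, zd} == {"IT", "OT"}:
            bad.append(rule)
    return bad
```

Running `direct_it_ot_rules` over the live ruleset before and after each change is a cheap regression check that the IDMZ conduit design has not been undone by a later "temporary" rule.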

4.3 NON-TECHNICAL OUTCOMES

After teaming up, we started working on the progress report. We adjusted our expectations by discussing the details of the project. We created a project overview including scope and schedule. This helped each team member be clear on the project. We also wrote two progress reports based on the milestones that we created at the beginning of the project. We presented on the milestones, covering what we had achieved and what was delayed. During the other teams' presentations, we learned about their project phases and new ideas. After upgrading the network system, we started writing the final report to show our work. This helped us organize our thoughts and match the results against the milestones.

4.4 WHAT WENT WELL

There was a little delay because of remote work and the storage and memory limits of our personal computers, but otherwise things went according to schedule. We followed our milestones and the Project Schedule Network Diagram to ensure we were on the right path and meeting due dates. Each teammate had their own strengths, and we were able to resolve issues quickly and effectively. We held many meetings to share ideas and adjust expectations.

4.5 RECOMMENDATIONS FOR NEXT TIME

4.5.1 INCS Lab

Most of the time, we had to work remotely because of COVID-19. Had the situation been better, we could have met face-to-face and used the INCS lab throughout. Compared to our home computers, the INCS lab has brand new computers, servers, routers, and switches with plenty of memory and high performance. We faced some download and storage issues during the project and always had to consider the resource requirements before running another virtual machine. Lab computers would be less likely to run into storage and memory issues, and their higher performance would have let us add more software.

4.5.2 Perform Full Assessment and Penetration Test

The duration of this project was 5 weeks. In the first week, we had some communication issues about the topic of the project. In the second and third weeks, we created the project proposal and built the initial network with its vulnerabilities. That left about one week to develop our assessment, perform the penetration test, add security appliances, and upgrade the network system. This was a tight schedule for a deep analysis, and we scaled back some parts. Next time, given more time, we would like to add more of the topics that we learned in the class.