EPIC: A Testbed for Scientifically Rigorous Cyber-Physical Security Experimentation

Recent malware, like Stuxnet and Flame, constitute a major threat to networked critical infrastructures (NCIs), e.g., power plants. They revealed several vulnerabilities in today's NCIs, but most importantly they highlighted the lack of an efficient scientific approach to conduct experiments that measure the impact of cyber threats on both the physical and the cyber parts of NCIs. In this paper, we present EPIC, a novel cyber-physical testbed, and a modern scientific instrument that can provide accurate assessments of the effects that cyber-attacks may have on the cyber and physical dimensions of NCIs. To meet the complexity of today's NCIs, EPIC employs an Emulab-based testbed to recreate the cyber part of NCIs and multiple software simulators for the physical part. Its main advantage is that it can support very accurate, real-time, repeatable, and realistic experiments with heterogeneous infrastructures. We show through several case studies how EPIC can be applied to explore the impact that cyber-attacks and Information and Communications Technology system disruptions have on critical infrastructures.