Research in iTrust is aimed at the development of methods and supporting tools to aid in the design of secure critical infrastructure. Such infrastructure must be resilient to cyber attacks. Resiliency requires integration into the infrastructure software and hardware devices for preventing attackers from entering a plant, detecting attacks in the event the prevention mechanism has been bypassed, and ensuring that doubly authenticated commands are allowed to pass to actuators such as pumps, generators, and circuit breakers. Researchers at iTrust engage in research and development activities aimed at the creation of a robust and practical triple-defence approach that includes prevention, detection, and control in the face of cyber and cyber-physical attacks.
While researchers design and perform experiments to assess the effectiveness of various components of the triple-defence mechanisms they develop, it is important that such assessment be also carried out by independent teams consisting of people well versed in the design and launch of cyber attacks. It is with this goal in view that iTrust began organising the SUTD Security Showdown event. This event, dubbed as S3, was first held in June 2016 at iTrust. It is organised by a team consisting of faculty, research staff, and administrative staff in iTrust. Several attack and defence teams are invited to iTrust to participate in S3. Two such events have been organised so far, one in 2016 and the other in 2017. This report focuses on the organisation of the S3-17 event and the performance of various attack and defence teams.
The Ministry of Defence, Singapore, and the SUTD-MIT International Design Centre, funded the S3-17 event. The event consists of two key phases – an online qualifier and a live event held at iTrust. Following the online qualifier, five international teams were invited to participate in the live event. Each team was given the opportunity to design attacks against a realistic testbed, namely Secure Water Treatment (SWaT). The goal of each attack team was to meet as many pre-defined challenges as possible within the pre-allocated time.
The S317 Anonymised Report is now available for download!