The scenario for the 2018 Pacific Rim Collegiate Cyber Defense Competition (PRCCDC) was a power company SCADA system called Scadacs. The blue teams, made up of 8 students from different colleges, had to keep a simulated SCADA network up and running while defending against a group of professional penetration testers, the red team. But we felt it wasn’t enough for the students to be victims of data loss and website defacements; if the red team got into their system they could literally shut off the power.
At first I had the idea that if they are managing a SCADA system we need something more than a collection of servers simulating that type of environment, we needed some blinking lights. I had recently been playing with Raspberry Pis, Arduino, and their GPIO capabilities and it seemed like a fairly simple task to use one of these platforms to have colored LEDs indicate the status of their services. If Apache is running, the light is green. If it’s down, the light would be red. Before we really had a firm idea on exactly what we would be monitoring I started to build a prototype.
The first proof of concept was just a Raspberry Pi and a breadboard shoved in a cardboard box with red and green LEDs. It wasn’t anything fancy but I was able to use it to demonstrate the idea to a few of my co-workers. We then started talking about what we should actually be monitoring and we came up with the idea that Scadacs has three power stations they need to keep online: Wind, Nuclear, and Hydroelectric. The Raspberry Pi would indicate the status of each as well as the status of the overall power grid.
The second prototype was a standing board rather than a box, with the Pi mounted on the front, and used RGB LEDs that could be green, yellow, or red. We decided that there would be a simple webpage that indicates the status of each of the three power stations and the blue teams would have to keep an eye on this page to keep each one within its normal operating parameters: RPMs for the wind turbine, temperature for the nuclear reactor, and water level for the hydroelectric generator. During the competition we would be able to manipulate the wind speed, core temperature, and water flow. The students would then need to manipulate resistance, coolant flow, and the spillway respectively to keep the gauge, and the LED, green. If any of the power stations were in the red for 30 seconds, it would go into “offline” status and need to be brought back online via a Linux-based menu system, which could take up to 3 minutes (just to make the students squirm while they watch a slow-moving progress bar). If all three power stations went offline, the power grid would be down.
All this was great, but it still felt like it was missing something. I mean, so what if a fake power grid is down and the light is red. Between keeping the red team out and responding to business injects the students would have more important things to worry about than a red light. Then I thought, “what if I could actually turn off the power?” And that’s when my evil plan came into being. If the power grid goes down, we’ll kill the power to half the students’ workstations.
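The station rules described above (30 seconds in the red takes a station offline, and all three offline drops the grid and switches the relay), as an added Python sketch that is not taken from the Scadacs repository. The gauge ranges, class names and the `relay` callback are assumptions made for illustration; on the real board the callback would drive a GPIO pin.

```python
from dataclasses import dataclass

RED_LIMIT_S = 30  # from the post: 30 s in the red takes a station offline

@dataclass
class Station:
    name: str
    green: tuple    # (low, high) normal operating range, assumed values
    yellow: tuple   # (low, high) warning range around it, assumed values
    red_since: "float | None" = None
    offline: bool = False

    def update(self, value, now):   # returns the LED colour or "offline"
        if self.offline:
            return "offline"        # stays down until restart() is called
        for colour, (lo, hi) in (("green", self.green), ("yellow", self.yellow)):
            if lo <= value <= hi:
                self.red_since = None   # leaving the red resets the clock
                return colour
        if self.red_since is None:
            self.red_since = now        # first red reading starts the clock
        if now - self.red_since >= RED_LIMIT_S:
            self.offline = True
        return "offline" if self.offline else "red"

    def restart(self):              # stands in for the operator menu action
        self.offline, self.red_since = False, None

class Grid:
    def __init__(self, stations, relay):
        self.stations = {s.name: s for s in stations}
        self.relay, self.up = relay, True   # relay(True) = workstation power on

    def tick(self, readings, now):
        states = {n: s.update(readings[n], now) for n, s in self.stations.items()}
        up = not all(s.offline for s in self.stations.values())
        if up != self.up:           # only switch the relay on a state change
            self.up = up
            self.relay(up)
        return states

def demo():  # constructed run: all three gauges pushed into the red at t=0
    events = []
    grid = Grid([Station("wind", (800, 1200), (600, 1400)),
                 Station("nuclear", (280, 320), (250, 350)),
                 Station("hydro", (40, 60), (30, 70))], events.append)
    bad = {"wind": 2000, "nuclear": 500, "hydro": 95}
    log = [grid.tick(bad, t)["wind"] for t in (0, 15, 30)]
    return log, events   # (["red", "red", "offline"], [False])
```

The loop acts on whatever readings it is handed, so the integrity of the store those values come from decides whether the relay trips.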
The prototype needed one more thing: a relay to kill power. This was the final piece. Now I could start building the final thing. The stand would be made out of plexiglass and the breadboard would be replaced with a PCB (printed circuit board). The first step was to take the schematic for the circuit on the breadboard and turn it into something that could be laid out on a PCB using KiCad. With the help of Don McLane at the University of Washington Tacoma I milled my first PCB, and using the laser cutter at FabLab Tacoma I cut out the plexiglass for the stand. After ordering a few parts like a rainbow IDE ribbon from Digi-Key I had everything I needed for a final prototype.
There we go, a final prototype. Now I just need to make 14 of them. Datrium was kind enough to provide us with 14 Raspberry Pis in a beautiful clear case. For the final production run we went with smoked plexiglass. And with the final touch of a printed window cling for labels, here is the final result.
And now to see it in action…
I used a mixture of python, bash, and java scripts and a MySQL database to pull it all together in the back end and make it work. Once the red team got a hold of the database and could manipulate the parameters we had power shutdowns happening left and right. What started out as a simple project ended up taking way more time and money than I first thought, but you can’t argue with the results. And you can’t put a price on the satisfaction you get from watching the students’ reaction when that siren sounds and they have not a clue what’s about to happen.
All code for this project is available at https://gitlab.com/kgiessel/scadacs.