Tracking the trails of cyberattackers
“The people trained here will learn the skills and capabilities to ward off cyberthreats,” says Professor Jarmo Harju, who leads the TUTCyberLabs project.
TUTCyberLabs is a new research and education platform that intensifies cybersecurity research and provides hands-on training on how to identify cyberthreats and fight cyberattacks.
Cyberattacks can seriously disrupt the critical functions of society by paralysing critical systems, such as communicaton networks, electricity distribution and water supply. In the worst case, police and defence authorities cannot communicate with each other, hospitals do not have enough electricity for vital operations, and the production lines of factories are brought to a standstill. This scenario is possible in a cyberwar.
Cyberthreats range from cybercrime and cyberactivism (hactivism) to cyberespionage and, as the ultimate form, cyberwar.
Hands-on cybersecurity training
“Cybercriminals make money by taking advantage of vulnerabilities in information security, while hacktivists (hacker activists) perform malicious attacks, claiming to make an ethical statement. Furthermore, many countries conduct systematic cyberespionage,” describes Professor Jarmo Harju from the Department of Pervasive Computing at TUT.
“In all of these cases, tracking the trails left by the perpetrators is quite difficult. Recent developments have opened our eyes about the extent of cyberespionage that is going on. Concrete evidence has been leaked about the advanced tools and methods that are being used to obtain information.”
The TUTCyberLabs research and education platform conducts cybersecurity tests and experiments focused on critical infrastructures. It consists of three cooperating laboratories.
- Equipped with a flexible set of servers, routers, switches, hubs and terminal devices
- Suitable for building a mini‐internet
Industrial automation cybersecurity laboratory
- Consists of components related to communication and control of automation systems
Smart grid ICT laboratory
- Specialises in information and automation systems of power companies of the future, and applications built on top of them
- The most important component is a power system real‐time simulator.
TUTCyberLabs, scheduled to be fully operational by the end of 2014, is a new research and education platform for simulating cyberattacks and defences and for testing the security features of hardware and software. In autumn 2014, TUTCyberLabs will start providing cybersecurity training to TUT students majoring in information security. In 2015, supplementary education training will also become available to external industry professionals. Courses of this type have already been arranged in the industrial automation cybersecurity laboratory of the Department of Automation Science and Engineering with excellent results.
“The people trained here will learn the skills and capabilities to ward off cyberthreats,” says Harju, who leads the TUTCyberLabs project.
Attacking team vs. defending team
A game-like scenario is common in cybersecurity training. Prior to the exercise, vulnerable points are inserted and hidden in a company information network, according to Harju.
“To be able to sabotage the company information system, the attacking team must first detect the vulnerabilities and install malicious code in them. Meanwhile, the defending team tries to protect the company network. To do this, they must be able to spot atypical events and phenomena and deactivate harmful code.”
In real life, cyberattackers may wait even years, trying to find vulnerabilities in their target systems and installing malicious software. At TUTCyberLabs, the timescale is accelerated.
Tackling cyberchallenges in critical systems
A joint project between the Department of Pervasive Computing, the Department of Automation Science and Engineering and the Department of Electrical Engineering, TUTCyberLabs is a unique and boundary-breaking combination of ICT, industry automation and Smart Grid infrastructure expertise. It provides a versatile environment for carrying out active cyberattacks, practicing cyberdefence techniques, searching for vulnerabilities and testing the security of devices, software, applications and system architectures.
“What’s more, it enables the study of interdependencies between critical infrastructures, such as the national grid and communications networks, and allows network monitoring and scanning. Along with identifying and collecting information on different cyberthreats, TUTCyberLabs makes it possible to demonstrate the effects of insufficient cybersecurity,” Harju explains.
Funding from the Academy of Finland
The TUTCyberLabs project has received 540,000 euros of funding from the Academy of Finland through the FIRI2013 call for research infrastructures. The project is steered in close collaboration by Professor Jarmo Harju of the Department of Pervasive Computing, Professor Hannu Koivisto and researcher & information security specialist Jari Seppälä of the Department of Automation Science and Engineering, and Professor Sami Repo of the Department of Electrical Engineering.