Talk G-1: Prototyping a Network Intrusion Detection System: A Deep Dive into CERT.LV’s IACS Lab for Safeguarding Critical Infrastructures
Accessible: Yes
This presentation will explore a Network Intrusion Detection System (NIDS) prototype that has been developed and tested using a novel Industrial and Automation Control System (IACS) laboratory at CERT.LV in Riga, Latvia. The IACS laboratory was built in 2019/20 with the aim of mimicking parts of the Latvian electrical production and distribution network, which includes gas transmission. CERT.LV collaborated with the energy and transport sectors to tailor the laboratory so that it works in the same manner and uses the same protocols, devices, and tools that are used on-site in real life.
Industrial Control Systems (ICS), specifically the Industrial and Automation Control Systems (IACS), play a crucial role in the operation of critical infrastructure sectors such as energy, water, transportation, and manufacturing. Given the risks that cyber threats pose to these sectors, safeguarding IACS has become a top priority for Latvia and other nations worldwide.
The prototype focuses on the IEC 60870-5-104 (IEC 104) protocol, which is widely used in IACS across Europe. Past known attacks such as CRASHOVERRIDE (https://www.dragos.com/wp-content/uploads/CrashOverride-01.pdf, https://www.wired.com/story/crash-override-malware/) were analyzed and used for development of the prototype.