Results from a SCADA-based cyber security competition

Document Type

Conference Proceeding

Publication Date



On April 1 2011, Regis University hosted the 7th Computer and Network Vulnerability Assessment Simulation (CANVAS) competition with a turnout of 68 event competitors and at least two dozen faculty and spectators. The event was a major success and provided Regis University with valuable recognition in the academic community focused on information assurance. The prevailing trends at the end of 2010, the interestingly-named Stuxnet malware, Critical Infrastructure Protection (CIP), and Smart Grid technology deployments, inspired the scenario for this cyber competition. Many government and industry-specific organizations have been stepping up efforts to heighten awareness amongst national organizations managing critical infrastructure, as well as authoring guidelines and policies for moving progress forward on secure infrastructure. In recent times, CIP has received much greater awareness by the United States Congress and other governmental agencies, such as the General Accounting Office (GAO), due to the trend towards "connectedness", with distribution and communications systems being increasingly connected over TCP/IP networks. CIP is especially important due to the far-reaching damage that can be suffered by businesses, industrial and government facilities, and the general populace in the event of a successful cyber attack. Simulating a true utility environment for the purposes of a cyber competition scenario is next to impossible due to resource constraints and unavailability of specialized equipment. However, the essence can be captured, and this is exactly what we strived for in the CANVAS cyber competition in 2011. Our primary goal was to introduce a CIP theme to a cyber competition in order to raise awareness of these types of attacks, especially since many power utilities across the nation are pushing Smart Grid infrastructure in order to offer value-added services to customers and increase efficiencies in power generation and distribution, which will inevitably increase complexity and connectedness of power utility operations and customer home area networks that can be exploited by motivated actors. This paper will discuss these goals as well as some of the intricacies of developing the CANVAS cyber competition, including technical details, extensibility of CIP-focused cyber competitions, as well as the continued development and value of CIP simulation infrastructure.

This document is currently not available here.