Lessons Learned from Performing Cyber-Security Research on Critical Infrastructures

The last 5 years has marked a paradigm shift when it comes to focus and awareness on cyber security across industries. In Norway this has been strongly motivated by governmental influence through updated rules and regulations. One initiative addressing cyber challenges has been the 4-year cyber research program CybWin (2019-2022) which has had a holistic, practical approach to cyber security of Norwegian critical infrastructures. A cyber security centre (CSC) research infrastructure was established at the Institute for Energy Technology in Norway. The infrastructure was developed iteratively with the needs of increasingly developing cyber research requirements of CybWin, resulting in capabilities to perform controlled cyber-attack experiments on TRL9 system enclaves in Air Traffic Management and Energy grid control systems. The paper presents experiences from cyber research in the CSC in the period 2019-2022 covering technical aspects of the centre, experimental lessons learned regarding target stakeholders such as red-team and blue-team with regards to research focus and experiment fidelity. The experience from performed research indicates a strong need for access to expertise in information technology and operational technology systems and operations, cyber-attack and cyber defence competence, human factors knowledge and experimental research competence for complex systems.

Keywords: Cyber security, Critical infrastructure, Cyber infrastructure, Operational safety & security, Cyber attack.

Download PDF