We have been working on a SCADA Honeynet research project that ended recently. I presented on the various design approaches and interesting findings at InfraGard. You can view the presentation here.

SCADA Honeynets can be used to better understand the threat component of the risk equation and as early attack warning devices on SCADA and DCS.

One of our main goals in the project was to develop a high interaction SCADA Honeynet that was simple to deploy. Ideally the Honeynet would operate on one PC, not require any software licenses (all open source), and not require knowledge of a PLC or Honeynet to deploy. We have achieved this goal and will be releasing the SCADA Honeywall and SCADA Honeypot VMware servers, installation instructions, and a lot more information in late Sept/early October.

Right now we are having a few asset owners install and run the Honeynets based on the documentation. We can build a SCADA Honeynet based on the instructions very quickly, but what appears obvious and well defined to the developer may be unclear to people less close to the project.

Stay tuned for more posts on shared physical SCADA honeypots, exposing SCADA honeynets, virtual SCADA Honeypots lessoned learned, and summarized threat findings from SCADA honeynets.