MICS Capstone Project Spring 2021

hunnypOT

hunnypOT: a production honeypot for Operational Technology (OT) systems in the power sector.

hunnypOT is a network appliance that simulates an Industrial Control System network. It provides an early warning system so that attacks on Critical Infrastructure (such as power plants, water treatment facilities and telecommunications networks) can be detected before the attacker can cause damage.

Our solution is simple. Plug in our device, and wait. You will receive email and SMS alerts if an attacker tries interacting with it, so that you can immediately start working to kick them out.

Motivation

Attacks on critical infrastructure are increasing, and the impact of those attacks could be catastrophic, affecting not “just” data, but threatening national security, causing environmental damage, hurting the national economy, and even causing human injury or death. The converged Operational Technology (OT)-Information Technology (IT) space is relatively new and growing. Defending an OT system properly and preparing for incident response requires knowledge about the kinds of possible attacks on OT and OT/IT converged systems. Deception technology such as a honeypot is one way to obtain that intelligence and provide a non-invasive, foolproof alert of anomalous activity.

2019 Utility Industry survey: 

  • 56% of utilities surveyed report at least one shutdown or operational data loss per year.
  • 54% expect an attack on critical infrastructure in the next 12 months.
  • 42% rated their cyber readiness as high.
  • 31% rated readiness to respond to or contain a breach as high.

[Caught in the Crosshairs: Are Utilities Keeping Up with the Industrial Cyber Threat?, Siemens and Ponemon Institute, 04 October 2019]

hunnypOT Design

We leveraged the open source project “Conpot” to jumpstart the power grid emulation, and extended its limited emulation to support more PLC commands and so improve realism. We built logging and command-control servers to capture, log and alert on any activity on the emulated PLC.

Overview of software design

More Information

hunnypOT - an OT production honeypot

hunnypOT emulated PLC

Tremendous thanks to:

Tiffany Rad from UC Berkeley

Matthew Travis, former deputy director CISA

Dom Maddalone, Christopher Jimenez and Shane Clancy from Santee Cooper

Developers of Conpot and SNAP7

Customer support at Siemens

Spring 2021 MICS Capstone Instructors and Classmates

Special thanks to Susan Thompson for our awesome logo design!

Last updated: May 16, 2021