Project Details

Description

The purpose is to conduct a feasibility study that creates the foundation and builds the framework for honeypots similar to OT systems.
The result will be a proof-of-concept (PoC) that makes it possible to create honeypots of industrial IoT and production systems based on models of the systems. These honeypots must be able to run in virtual environments, e.g. on a cloud platform.
The project will also build a collaboration between two Danish players within IoT and OT security, which have not had such a strong collaboration beforehand. Among other things, the partners want to clarify the possibility of a larger research project within honeypots in OT systems that involves relevant Danish actors - public as well as private.

Layman's description

Cyber security is an increasing challenge for all companies, which is especially true when companies' production systems (known as OT) are connected to the Internet and IoT products become central to the industry. This is a new attack vector, and these systems are attractive attack targets for both cyber espionage and crime.
A classic way to gain insight into hackers' behavior and attack vectors is to make honeypots. A honeypot is a system that can be used to detect, capture and record attempts at hacker attacks. Honeypots create the illusion of real systems, thereby enticing hackers to attack. The partners behind this project already have experience with honeypots that are similar to classic IT systems, where both continuous and automated attacks / scans and more dedicated attacks are observed. Knowledge of what happens in honeypots provides a better understanding of the attackers and can be used to mitigate the risk of an attack on the real system.
In this project, we will explore and create a foundation for building honeypots that are similar to real production systems and industrial IoT products. This will be done in collaboration with Danish companies (Bestseller and Grundfos have both shown interest) - both to give these companies a better understanding of the attacks on their infrastructure and systems, and to involve the industry so that we ensure that we help solve its challenges. A major challenge with this type of honeypot is that it requires a high degree of virtualization and automation to ensure that the proposed honeypots are realistic and that the data collected is usable.
Research and development in honeypots has primarily concerned classic IT systems and not OT systems. As Denmark is generally at the forefront of digitization, and as there are a number of research and development activities within Smart Production and Industry 4.0, the applicants assess that this area has the potential to be part of the foundation for a sustainable research and development environment in cybersecurity.
It is noted that the project builds on existing competencies in both AI, which is strong on IoT security, and AAU, which is strong on honeypots and virtual environments related to cyber security. The project plays together with several of the projects that the partners each have, and the project helps to

Key findings

Developed RIoTPot, a container-based, modular honeypot that emulates IoT and IIoT protocols. The findings helped in identifying suspicious attack sources that targeted IoT and IIoT protocols.
Short title: IoT Honeypots
Status: Finished
Effective start/end date: 01/03/2020 - 31/12/2020
