In the short term, the research work being done in C3i center on security vulnerabilities of critical infrastructure will be expanded to include automotive and UAV sectors. Also, a masters program in cyber security will be launched at IIT Kanpur. In the long term C3i hub will work upon:

i.    Hardware testing lab will be created to test presence of trojans and side channels in imported hardware,
ii.    Work on all nine layers and three sectors will be initiated,
iii.    At least twenty-five start-ups will be nucleated taking various technologies developed at the Hub to the market,
iv.    Co-development of technologies will be done with at least ten companies in the three sectors,
v.    Ten courses on various aspects of cyber security will be developed on online platform and offered as MooCs,
vi.    Wide range of awareness and executive training programs will be launched along with faculty and student training programs.

India’s first cyber physical critical infrastructure test-beds

C3i Center at IIT Kanpur has established India’s first cyber physical critical infrastructure test-beds for cyber security research. C3i center has Power Generation, Synchronization, Power Transmission, and Power distribution test-beds. We also developed a multi-stage water treatment plant test-bed, an industrial manufacturing test-bed, and plan to create test-beds for other critical infrastructure under the TIH project. All these test-beds are industrial scale which utilize equipment from all available OEM equipment such as Siemens, Schneider, Rockwell, Wago etc. SCADA systems, PLC based control, DCS based control, RTUs, protocol switches for various industrial protocols are used in these test-beds allowing us to do extensive vulnerability assessment and penetration testing (VAPT) . C3i lab so far has done more than 15 responsible disclosures. Eight CVE (Computer Vulnerabilities and Exploits) have already been credited at the International databases that enlists newly discovered vulnerabilities in computer equipment. Some of the vulnerabilities disclosed by C3i are of severity score 9.8 (severe) to 8.8 (severe), 7.5 (High) and 6.5 (medium).

Vulnerability Assessment

Under the Technology Innovation Hub (TIH) project, we will have more researchers to enhance our VAPT (Vulnerability Assessment and Penetration Testing) activities and develop tools that would allow engineers to discover vulnerabilities much more easily than the manual methods normally used to do reverse engineering and various manual experiments to discover those. As a result, our center attracts a lot of utilities, OEMs, and government agencies who want to learn the VAPT skill and want to apply them at scale. We believe that the researchers, engineers, and faculty working in the TIH will broaden the base of people skilled in VAPT in India. We also can create specialized training programs for utility sector so we can impart the knowledge to engineers working in critical infrastructure sector. Another aspect of our work in the C3i which will be further enhanced in the TIH is the capabilities in creating cyber security research oriented test-beds for various industry verticals. We have in the past discussed with replication of such test-beds at other locations such as other IITs, some industry, and even at the government agencies which are concerned with critical infrastructure security.

One of our goal in the TIH will be to train engineers and researchers at other organizations in building such test-beds and to teach them how to utilize them in various cyber threat modelling, VAPT, and protection/mitigation techniques.