The Q-GridPot® (Grid System Honeypot) network appliance is a specialized, low-impact honeypot appliance built specifically for electric power grids that use ICS and SCADA. Network honeypots provide network obfuscation (hiding in plain sight) and deny the hacker easy network reconnaissance, while greatly increasing the likelihood of detecting a network breach. The Q-GridPot uses GridPot, an open source software package with built-in IEC 61850 protocols for imitating large-scale electric power grids. This allows administrators to create attack surfaces that mimic their actual power grid environment, or that portray a very complex, fictional power grid infrastructure. This, in turn, enables administrators to create network obfuscation and deception, denying hackers an accurate map of the network and its machines and increasing the likelihood that a network breach is caught by an Intrusion Detection System (IDS) such as the Q-Box® or by the Q-GridPot itself. The number of deployed decoy attack surfaces is limited only by the number of available LAN IP addresses.
To increase the deception capabilities of GridPot, the administrator can create custom Human-Machine Interfaces (HMIs) in the Q-GridPot, thereby increasing the number and type of attack surfaces. The response time of the attack surfaces can also be tuned with various delay times to mimic the behavior of an electric power grid under variable load. GridPot can be accessed using production HMIs or via a web interface.
Also included are ntopng and xplico, two open source, enterprise-class packages for full packet capture, indexing, and forensics. In the event of an alert, administrators can immediately capture packets for forensic analysis. The appliance also includes HoneyBadger, which, unlike other honeypot systems, gives administrators using the Q-GridPot the ability to fight back by geolocating the attacker's IP address(es) to identify the attacker's location, as well as to prevent TCP injection attacks, including 0-Day (Zero Day) attacks.