Group 25 Report 1


GAMIFIED PLATFORM FOR OT SECURITY

A PROJECT REPORT
submitted by
Gautham Kannan J B - AM.EN.U4ECE20023
Kiran S Pillai - AM.EN.U4ECE20029
Narikodan Hridul - AM.EN.U4ECE20137
Sreesankar S - AM.EN.U4CSE20165
under the guidance of
Ms. Asha Ashok, Mr. Rahul Lal P
in partial fulfillment for the award of the degree of
BACHELOR OF TECHNOLOGY
in
ELECTRONICS AND COMMUNICATION ENGINEERING

AMRITA SCHOOL OF ENGINEERING
AMRITA VISHWA VIDYAPEETHAM
AMRITAPURI (INDIA)
April - 2024

BONAFIDE CERTIFICATE
This is to certify that the project report entitled “Gamified platform for OT Security” submitted by Gautham Kannan JB (AM.EN.U4ECE20023), Kiran S Pillai (AM.EN.U4ECE20029), Narikodan Hridul (AM.EN.U4ECE20137), Sreesankar S (AM.EN.U4CSE20365), in partial fulfillment of the requirements for the award of the Degree Bachelor of Technology in Electronics and Communication Engineering, is a bonafide record of the work carried out by them under my guidance and supervision at Amrita School of Engineering, Amritapuri.

Signature of Supervisor: Signature of Examiner with Name


Name of Supervisor: Ms. Asha Ashok
Designation: Assistant Professor
Department of Computer Science
Date: 01/04/2024

Signature of Co-Supervisor:
Name of Co-Supervisor: Rahul Lal P
Designation: Assistant Professor (Sr. Gr)
Department of Electronics and Communication
Date: 01/04/2024
AMRITA SCHOOL OF ENGINEERING
AMRITA VISHWA VIDYAPEETHAM
AMRITAPURI - 690 542

DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING

DECLARATION

We, Gautham Kannan JB (AM.EN.U4ECE20023), Kiran S Pillai (AM.EN.U4ECE20029), Narikodan Hridul (AM.EN.U4ECE20137), Sreesankar S (AM.EN.U4CSE20365) hereby declare that this technical report entitled “Gamified Platform for OT Security” is the record of the original work done by us under the guidance of Ms. Asha Ashok, Assistant Professor, Department of Computer Science Engineering, Amrita School of Computing, Amritapuri, and Mr. Rahul Lal P, Assistant Professor (Sr. Gr), Department of Electronics and Communication Engineering, Amrita School of Engineering, Amritapuri. To the best of our knowledge this work has not formed the basis for the award of any degree/diploma/associateship/fellowship or a similar award to any candidate in any University.

Place: Amritapuri Signature of the Students


Date: 01/04/2024

Gautham Kannan JB

Kiran S Pillai

Narikodan Hridul

Sreesankar S
Contents

Acknowledgement ... iv
List of Figures ... v
List of Tables ... vi
List of Abbreviations ... vii
Abstract ... viii

1 Introduction ... 1
1.1 Introduction ... 1
1.2 Basic Terminologies ... 3
1.2.1 OT ... 3
1.2.2 ICS ... 4
1.2.3 SCADA ... 5
1.2.4 PLC ... 6
1.2.5 Ladder Logic ... 7
1.3 Literature survey ... 8
1.3.1 Gamification of cybersecurity for workforce development in critical infrastructure ... 8
1.3.2 Cybersecurity in Industrial Control System (ICS) ... 10
1.3.3 SWaT: A water treatment testbed for research and training on ICS security ... 11
1.3.4 SCADA vulnerabilities and attacks: A review of the state-of-the-art and open issues ... 14
1.3.5 Vulnerabilities and Attacks Against Industrial Control Systems and Critical Infrastructures ... 16
1.3.6 Fooling the Master: Exploiting Weaknesses in the Modbus Protocol ... 17
1.3.7 Analysis of ICS and SCADA Systems Attacks Using Honeypots ... 19
1.3.8 Results and Conclusion ... 20
1.4 Problem under investigation ... 21

2 Theory ... 23
2.1 Introduction ... 23
2.2 Methodology ... 23
2.2.1 OpenPLC ... 25
2.2.2 ScadaBR ... 26
2.2.3 Visualisation ... 27
2.2.4 TUI Menu ... 28

3 Results and Discussion ... 30
3.1 Challenges ... 30
3.1.1 Challenge 1: Brute Force ... 30
3.1.2 Challenge 2: HMI Interface Familiarisation ... 32
3.1.3 Challenge 3: ARP Spoofing ... 33
3.1.4 Challenge 4: Modbus Injection ... 34
3.1.5 Challenge 5: Malicious Code Injection ... 36
3.2 Integrating Raspberry Pi ... 37

4 Summary, conclusions and scope for further research ... 39
4.1 Summary and conclusions ... 39
4.2 Future Work ... 41
Acknowledgement

We extend our heartfelt gratitude to Mata Amritanandamayi Devi, the Chancellor of Amrita Vishwa Vidyapeetham, for her unwavering encouragement and visionary leadership. We extend our gratitude to our esteemed Dean, Dr. Balakrishna Sankar, and Associate Dean, Dr. S.N. Jyothi. We express our sincere appreciation to Dr. Chidanandamrita Chaithanya, our Chairperson, and Bri. Remya, our Vice Chairperson, for their unwavering support and motivation. Our deepest thanks go to our project guides, Ms. Asha Ashok, Assistant Professor in the Department of Computer Science Engineering at Amrita School of Computing, and Mr. Rahul Lal P, Assistant Professor (Sr. Gr) in the Department of Electronics and Communication Engineering at Amrita School of Engineering, Amritapuri. Their dedication and expertise have been the cornerstone of our project’s success. We acknowledge with gratitude the contributions of our project Coordinators Gayathri Narayanan, Dr. Manazhy Rashmi, and Dr. K L Nisha and Panel members, Dr. Sreedevi K Menon, Dr. Gayathri R Prabhu, and Ms. Swathy, for their constructive feedback and continuous support. Our thanks also extend to the entire Electronics and Communication Engineering department of Amrita School of Engineering and CSE department of Amrita School of Computing, Amritapuri, for fostering an environment conducive to innovation and learning. Lastly, our sincere appreciation to all those who directly or indirectly contributed to the realization of this project.
List of Figures

1.1 Industrial Technology Hierarchy: PLC, SCADA, ICS, OT ... 4
1.2 Scada components ... 5
1.3 TM241 Schneider PLC System ... 6
1.4 Block Diagram of the SWAT process ... 13
1.5 SCADA incidents from 1982 to 2015 ... 15
1.6 Structure of a Modbus TCP packet ... 17

2.1 Block Diagram of the approach ... 24
2.2 Open PLC environment and Ladder Logic ... 25
2.3 ScadaBR run on local host ... 26
2.4 Visualisation web page ... 28
2.5 TUI on puTTY ... 29

3.1 Bruteforce attack taking place in scadaBR login page ... 30
3.2 The python script to execute bruteforce attack ... 31
3.3 ScadaBR Visualisation (OFF Mode) ... 33
3.4 ScadaBR logged data ... 33
3.5 Sending ARP packets on HMI’s IP ... 34
3.6 Visualising PLC response ... 34
3.7 Modbus injection using Metasploit ... 35
3.8 Modbus injection changing the state of the PLC ... 35
3.9 OpenPLC Server ... 36
3.10 Chemical Plant Blast ... 37
3.11 Integrating Raspberry Pi ... 38
List of Tables

1.1 Comparison of NDTG with other methodologies ... 9
1.2 Honeypot open ports ... 21
List of Abbreviations

API Application Programming Interface
ARP Address Resolution Protocol
CI Critical Infrastructure
CSS Cascading Style Sheets
CTF Capture The Flag
DNP3 Distributed Network Protocol 3
HMI Human-Machine Interface
HTML Hypertext Markup Language
ICS Industrial Control System
IDS Intrusion Detection System
IP Internet Protocol
MITM Man in the Middle
NDTG Network Defence Training Game
OT Operational Technology
PLC Programmable Logic Controller
SCADA Supervisory Control and Data Acquisition
SNMP Simple Network Management Protocol
SWaT Secure Water Treatment
TUI Terminal User Interface
VM Virtual Machine
VPN Virtual Private Network
VT Virtual Terminal
Abstract

The project aims to design and construct a “Gamified platform for OT security” using a Raspberry Pi platform. A PLC (Programmable Logic Controller) is a critical component in industrial automation, controlling various processes and systems. In this project, a purposely vulnerable PLC system is developed to simulate real-world security challenges and vulnerabilities that industrial control systems (ICS) might face. By creating a controlled environment for testing and learning, the Damn Vulnerable PLC will facilitate the study of ICS security, penetration testing, and the development of robust defense mechanisms. The project’s main goals include building a functional and realistic PLC emulator on a Raspberry Pi, intentionally incorporating vulnerabilities, and providing a safe platform for cybersecurity professionals and researchers to enhance their skills and knowledge in securing critical infrastructure.
Chapter 1

Introduction

1.1 Introduction

In an era where critical infrastructure systems, represented by Supervisory Control and Data Acquisition (SCADA) and Operational Technology (OT), form the backbone of essential industrial processes, the integration of these systems with the Internet of Things (IoT) and broader Information Technology (IT) landscapes has introduced unprecedented challenges in the field of cybersecurity. Because of their growing interconnectedness, SCADA and OT systems, which are in charge of monitoring and coordinating crucial processes including manufacturing, water treatment, oil and gas distribution, and electricity production and distribution, have come under increasing threat from cybercriminals.

These systems’ longevity and frequent reliance on legacy technologies pose a particular risk, leaving them ill-prepared to resist modern cyberattacks. Moreover, the geographical dispersion of OT/SCADA systems, which are often located in isolated or hazardous areas, makes it more challenging to put effective physical security measures in place.

This vulnerability is underscored by the potential consequences of successful cyber attacks on OT/ICS (Industrial Control Systems), which encompass unauthorized access, operational disruptions, and the prospect of significant damage. The consequences go beyond simple inefficiencies in operations and include important issues like environmental degradation and safety risks.

Acknowledging the necessity of strengthening OT/ICS system defences and providing personnel with cybersecurity expertise, this project aims to implement a revolutionary strategy. The main idea behind the proposal is to provide a gamified platform that is designed for those who are new to the domain and offers an engaging and instructive environment for understanding vulnerabilities and possible cyber threats in OT/ICS.

The gamified platform uses the capabilities of the Raspberry Pi 4, an affordable and adaptable single-board computer, to achieve this goal. This creative usage makes it possible to emulate whole OT/ICS systems, giving users the flexibility to research, experiment, and make decisions without having to worry about sacrificing valuable resources.

The primary goal is to go beyond conventional training approaches and create a dynamic, interactive learning environment that fosters knowledge transfer as well as the development of practical skills for identifying and solving cybersecurity risks. Attention to portability and cost-effectiveness guarantees accessibility for a wide spectrum of users, and the platform’s built-in flexibility allows customization to fit the particular requirements of various educational contexts.

Essentially, the goal of this project is to rethink the way that OT/ICS cybersecurity education is taught in order to build a community that is resilient and proactive and ready to take on the ever-changing cyberthreat landscape within critical industrial infrastructure.

1.2 Basic Terminologies

1.2.1 OT

The term “Operational Technology” (OT) refers to the hardware and software tools used to track, manage, and improve industrial processes. Unlike Information Technology (IT), which handles data processing, OT focuses on managing physical devices, including sensors, programmable logic controllers (PLCs), and supervisory control and data acquisition (SCADA) systems. In sectors including manufacturing, energy, and critical infrastructure, operational technology (OT) is essential for maintaining process dependability, efficiency, and safety. OT is becoming more and more linked with Internet of Things (IoT) and Information Technology (IT) systems in modern settings, which improves automation but presents cybersecurity issues. Given the critical nature of the activities under OT supervision, strong cybersecurity measures must be implemented in order to reduce risks and protect against unauthorised access, interruptions, and possible harm to industrial processes. Understanding OT is vital in navigating the evolving landscape of industrial technology and cybersecurity.
Figure 1.1: Industrial Technology Hierarchy: PLC, SCADA, ICS, OT

1.2.2 ICS

An Industrial Control System (ICS) is a specialised framework that is used in industrial settings to monitor, control, and automate operations in order to promote efficiency and safety. It is made up of hardware and software. Programmable Logic Controllers (PLCs), which carry out control logic, and Supervisory Control and Data Acquisition (SCADA) systems, which provide centralised monitoring, are important parts. As the core nervous system of industrial processes, ICS smoothly coordinates and controls them. Forming the basis for all-encompassing systems controlling industrial activities, ICS is integrated into the larger field of Operational Technology (OT). However, because of its crucial function, ICS is vulnerable to cybersecurity risks. As a result, strong security measures are required to guard against unauthorised access and interruptions and guarantee the safe and effective functioning of critical infrastructure. In order to navigate the complexity of industrial environments, it is essential to understand industrial control systems.

1.2.3 SCADA

Providing real-time centralised monitoring and control of industrial operations, SCADA is a crucial system in Industrial Control Systems (ICS) and Operational Technology (OT). SCADA is a hardware and software system that lets operators gather data, monitor, and give instructions. It contributes to industrial process automation by integrating with sensors and Programmable Logic Controllers (PLCs) for real-time data processing. SCADA ensures processes align with predefined parameters, responding promptly to deviations. It works with PLCs to create a unified foundation for effective process management, and it is essential to the integration of other industrial systems. Because of its importance, SCADA is an attractive target for cybersecurity attacks and must therefore have strong security measures. Gaining an understanding of SCADA is essential to understanding centralised monitoring and control in industrial environments, which improves the security and efficiency of industrial operations.

Figure 1.2: Scada components

1.2.4 PLC

For industrial automation, a programmable logic controller (PLC) is a type of digital computer that is specifically made to withstand harsh environments. PLCs, which are made up of a central processing unit, input/output modules, memory, and communication ports, process data by means of programmed logic, operate output devices such as motors and valves, and continuously monitor input devices in order to automate production processes. PLCs are used in manufacturing, energy, and transportation, where they improve productivity and dependability in operations such as assembly lines. They contribute to thorough industrial process management and monitoring by integrating easily with control systems like Distributed Control Systems (DCS) and Supervisory Control and Data Acquisition (SCADA). PLCs, which are renowned for their durability, flexibility, and simplicity of programming, are essential to contemporary industrial automation because they offer a scalable and adaptable solution that can be customised to meet unique industrial needs. Navigating the complexity of industrial automation and control requires a basic understanding of Programmable Logic Controllers.

Figure 1.3: TM241 Schneider PLC System

1.2.5 Ladder Logic

Industrial automation frequently uses Ladder Logic, a graphical programming language, to design and implement control logic for programmable logic controllers. This language is very useful for visually and intuitively representing and managing sequential operations. The basic building blocks of ladder logic are called “rungs.” Each rung specifies how an operation is to be carried out and how the logic is to proceed in response to various input conditions.

Two fundamental components of ladder logic are “contacts” and “coils.” Contacts represent input states or conditions, typically obtained from physical switches or sensors. They can be classified as normally closed (NC) or normally open (NO). Conversely, coils stand for the output devices or actions that are triggered when the conditions set by the contacts are met.

The ladder logic diagram, which represents the sequential flow of the control process, is read from top to bottom and left to right. Based on the input conditions, the program updates the state of the contacts and the resulting output actions in real time.

In conclusion, ladder logic programming offers an organized and visual method for creating control logic for industrial automation systems. Because of its accessibility and ease of use in graphical form, engineers and technicians working on control system design and maintenance can readily apply it to a variety of industrial processes.
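A small scan-cycle interpreter for the rung, contact and coil concepts just described, as an added example that is not code from the project or from OpenPLC. The tags START, STOP, MOTOR and RUN_LAMP and the start/stop seal-in program are constructed for the example.

```python
"""One PLC scan cycle over ladder-logic rungs (example code, not from the project).

Rungs are evaluated top to bottom and each rung left to right, so a coil
written by one rung is already visible to contacts on the rungs below it
within the same scan. Tag names are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Union

Image = Dict[str, bool]  # the image table: every input, coil and flag by tag


@dataclass(frozen=True)
class Contact:
    """NO contact passes power when its tag is True; NC passes when it is False."""
    tag: str
    normally_closed: bool = False

    def conducts(self, image: Image) -> bool:
        state = image.get(self.tag, False)
        return (not state) if self.normally_closed else state


@dataclass(frozen=True)
class Parallel:
    """Parallel branches: power flows if any branch conducts end to end."""
    branches: List[List["Element"]]

    def conducts(self, image: Image) -> bool:
        return any(all(e.conducts(image) for e in branch) for branch in self.branches)


Element = Union[Contact, Parallel]


@dataclass(frozen=True)
class Rung:
    """Series elements read left to right, driving one output coil."""
    elements: List[Element]
    coil: str

    def evaluate(self, image: Image) -> bool:
        return all(e.conducts(image) for e in self.elements)


def scan(rungs: List[Rung], image: Image) -> Image:
    """Run one scan: solve rungs top to bottom, writing each coil as it is solved."""
    image = dict(image)  # do not mutate the caller's table
    for rung in rungs:
        image[rung.coil] = rung.evaluate(image)
    return image


def motor_program() -> List[Rung]:
    """Classic start/stop seal-in circuit plus a run indicator.

    Rung 1:  ---[START]---+---[/STOP]---( MOTOR )
             ---[MOTOR]---+               (MOTOR's own contact holds it on)
    Rung 2:  ---[MOTOR]---( RUN_LAMP )
    STOP is modelled as True while the stop button is pressed, so an NC
    contact on it breaks the rung only while the button is held.
    """
    seal_in = Parallel([[Contact("START")], [Contact("MOTOR")]])
    return [
        Rung([seal_in, Contact("STOP", normally_closed=True)], "MOTOR"),
        Rung([Contact("MOTOR")], "RUN_LAMP"),
    ]


def run_sequence(rungs: List[Rung], inputs: List[Image]) -> List[bool]:
    """Apply input changes one scan at a time; return MOTOR after each scan."""
    image: Image = {"START": False, "STOP": False, "MOTOR": False, "RUN_LAMP": False}
    history: List[bool] = []
    for change in inputs:
        image.update(change)
        image = scan(rungs, image)
        history.append(image["MOTOR"])
    return history


if __name__ == "__main__":
    steps = [{}, {"START": True}, {"START": False}, {"STOP": True}, {"STOP": False}]
    print(run_sequence(motor_program(), steps))  # [False, True, True, False, False]
```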

1.3 Literature survey

1.3.1 Gamification of cybersecurity for workforce development in critical infrastructure
Introduction

The foundation of a country’s operations, critical infrastructure (CI) is essential to societal and economic processes. For the purpose of national security, CI resilience must be guaranteed. In order to provide Operational Technology (OT) in CI facilities with gamified cybersecurity training, this article presents the Network Defence Training Game (NDTG), which is a component of the Facility Cybersecurity Framework. It talks about how infrastructure is becoming more and more vulnerable to attacks and stresses the necessity for flexible defences.

Methodology

For cybersecurity training, the Network Defence Training Game (NDTG) uses a structured design to simulate an operational technology (OT) network that isn’t built correctly. As they move through the phases of identification, protection, attack, and reaction, players deal with attack vectors such as misconfigured security and rogue devices. The NICE Framework is followed in the learning goals, and participants are scored according to how well they can stop cyberattacks. The Quartet use case serves as an excellent example of how well the game prepares players for safeguarding critical infrastructure by presenting real-world cyberthreats in an entertaining and instructive way.

Element              CTD CCIEGE CProtect CNEXS ASfire NDTG
Simulation           x x x x x x
Resource Constraints x x x x x
Scenarios            x x x x x
Free to Play         x x x x
OODA                 x x x
OT Concepts          x x x
Learning Metrics     x x x
Formative Teaching   x x
Card-based           x x
EO 13800             x
NICE Framework       x

Table 1.1: Comparison of NDTG with other methodologies

Results and Inference

This paper highlights the significance of securing Critical Infrastructure (CI) for national security. It introduces the Network Defense Training Game (NDTG) within the Facility Cybersecurity Framework, aiming to provide gamified cybersecurity training for Operational Technology (OT) in CI facilities. To improve cybersecurity training, it provides a game-based method, the NDTG, which is in line with well-known frameworks including the NICE Framework, Lockheed Martin CKC, and NIST CSF. The study establishes the foundation for improving cybersecurity training and education approaches.
1.3.2 Cybersecurity in Industrial Control System (ICS)
Introduction

In today’s industrial environment, the integration of robust cybersecurity systems is essential for the longevity of industrial control systems amid technological advancements. But raising awareness among stakeholders of the need for cybersecurity measures is just as difficult as actually putting them into place. The challenge is in retrofitting extensive cybersecurity protocols into networked systems, which frequently make use of older technologies. At the same time, it is vital to raise awareness of the importance of cybersecurity in industrial settings. Closing this knowledge gap is necessary in order to foster a culture that recognises the importance of cybersecurity in protecting sensitive information and guaranteeing the reliable operation of industrial control systems. As a result, the problem statement captures the combined difficulty of supporting awareness of the critical need for cybersecurity in order to protect against emerging cyber threats, while also implementing strong cybersecurity measures inside intricate industrial infrastructures.

Methodologies and Findings

The majority of the study projects covered in the literature used qualitative research approaches to explore the intricacies of cybersecurity in industrial control systems. The studies formed a complete understanding of the difficulties and risks these systems confront through in-depth literature evaluations, thorough background research, and astute observation. The results outline a situation full of obstacles and unanswered questions, highlighting the crucial part cybersecurity plays in maintaining industrial infrastructure and protecting essential industry data.

Inference

A strong conclusion is drawn from the thorough examination of the qualitative data gathered: cybersecurity solutions are essential to the efficient operation of industrial control systems and the safeguarding of private enterprise data. While the quantitative data analyses provide encouraging signs of the effectiveness of various cybersecurity systems, the qualitative insights highlight the importance of cybersecurity measures in minimising possible attacks. The integration of both qualitative and quantitative data provides a comprehensive picture of the critical role cybersecurity plays in numerous industries. It also reveals the complexities and possible hazards associated with the ever-changing cyber threat scenario.

1.3.3 SWaT: A water treatment testbed for research and training on ICS security
Introduction

The SWaT (Secure Water Treatment) testbed is an operational testbed for water treatment that aims to investigate cyber-attacks and system responses, as well as conduct experiments with countermeasure designs. It closely resembles real systems in the field and allows for realistic validations.

11
Architecture of SWaT

SWaT consists of six stages controlled by dual PLCs, with each stage individually controlled by local PLCs. The testbed leverages a distributed control approach, where PLCs communicate with each other to obtain state information. The communication structure involves sensors, actuators, and networks at different levels.

Experiments with SWaT

Several experiments were carried out to evaluate how well the SWaT testbed simulated physical and cyberattacks on a water treatment plant. The three attacker scenarios that were the subject of these trials were: an attacker with physical access to the devices, an attacker in close vicinity to the site but not on it, and an attacker with access to the local plant communication network. In one experiment, the attackers’ objective was to completely manipulate the sensors and actuators in the ICS in order to overflow the raw water tank in SWaT. The attack was successful, and the researchers were able to show how such an attack might affect the way water is treated.

The efficiency of intrusion detection systems (IDS) in identifying and stopping attacks on the SWaT testbed was examined in a different experiment. The researchers simulated various forms of assaults, such as denial-of-service and spoofing attacks, and assessed the IDS’s capacity to identify and counteract them. The findings demonstrated that while the IDS was successful in stopping most attempts, some were still able to get past the defences.
Figure 1.4: Block Diagram of the SWAT process.

The efficacy of firewalls in safeguarding the SWaT testbed from cyberattacks was examined in the third experiment. The ability of several firewall types, including stateful and stateless firewalls, to block malicious traffic and stop unauthorised access to the system was assessed by the researchers through testing. The findings demonstrated that while most attacks were successfully blocked by the firewalls, some managed to get past them and access the system.

Inference

The design and implementation of the SWaT testbed have yielded valuable lessons, emphasizing the significance of collaboration with utility companies, the necessity for realistic examples of detailed Industrial Control Systems (ICS), the challenges associated with ensuring secure access and visibility, and the potential benefits of interconnecting multiple testbeds to study the cascading effects of cyber attacks.

Overall, the SWaT testbed stands as a unique and invaluable platform for research and experimentation in the realm of ICS security. While the testbed has proven to be a valuable tool for researchers and practitioners, acknowledging its limitations and challenges is crucial. Further research is needed to address these aspects and develop more accurate and representative models for complex ICSs.

1.3.4 SCADA vulnerabilities and attacks: A review of the state-of-the-art and open issues
Introduction

This research paper presents an overview of prevailing security challenges and unresolved issues within SCADA systems. The authors emphasize their unique contributions compared to existing literature and provide an organizational outline of the paper. A thorough description of SCADA’s history, architecture, and security specifications is given. Additionally, the paper examines related works and discusses the authors’ contributions.

SCADA Vulnerabilities and Attacks

The survey methodology, involving two selection process phases, is outlined. The paper introduces the vulnerability construction process and evaluation methodology for SCADA IDS and testbeds. It examines the connections between SCADA vulnerabilities and outlines potential attack scenarios on SCADA systems.
Figure 1.5: SCADA incidents from 1982 to 2015.

SCADA IDS and Testbeds

Existing Intrusion Detection Systems (IDS) and testbeds are categorized and evaluated. The paper deliberates on the strengths and weaknesses of current testbeds and outlines existing controls and mitigation mechanisms to address identified risks. The paper concludes by discussing open issues and security challenges in the realm of SCADA systems. The authors underscore the necessity for more research in this area and suggest potential directions for future work.

Inference

In summary, the literature survey offers a comprehensive overview of the current state-of-the-art and open issues pertaining to SCADA security. The paper emphasizes the imperative nature of effective SCADA security measures and advocates for increased research attention in this domain. The taxonomy of potential attacks on SCADA systems and the evaluation of existing IDS and testbeds furnish valuable insights for researchers and practitioners in this field.

1.3.5 Vulnerabilities and Attacks Against Industrial Control Systems and Critical Infrastructures
Objective

This paper presents a comprehensive survey of the prominent threats against Industrial Control Systems (ICS), communication protocols, and devices used in these environments. The aim is to provide a detailed understanding of the vulnerabilities and attacks that these systems are susceptible to.

Methodology

The paper discusses several attacks against critical infrastructure that have occurred in the past and some of the vulnerabilities that existed in protocols used in ICS. Prominent examples include the Stuxnet, VPNFilter and WannaCry attacks and the DNP3, Modbus and PROFINET communication protocols. These attacks and vulnerabilities provide valuable insights into the security challenges faced by ICS and critical infrastructures.

Gap Identified

Despite the efforts in ICS security education, there is still a gap for technical information relating to these attacks, protocols, and their vulnerabilities. This gap indicates the need for more comprehensive and detailed resources that can help in understanding and mitigating the threats against ICS and critical infrastructures.
1.3.6 Fooling the Master: Exploiting Weaknesses in the Modbus Protocol
Introduction

The paper investigates the vulnerabilities of the Modbus protocol in SCADA systems, with a focus on cyber-attacks such as infecting the master with malware and man-in-the-middle attacks. The authors underscore the lack of security measures in the Modbus protocol, especially when integrated with modern TCP/IP systems, posing significant risks to SCADA environments.

The Modbus protocol is commonly used in SCADA environments for remote monitoring and data acquisition. It was widely adopted due to its simplicity and its compatibility with legacy hardware and software. It is a master-slave protocol, where the master device initiates queries and the slave devices respond to the queries. The cost and long life of these systems have led to their continued use despite their vulnerabilities.

Figure 1.6: Structure of a Modbus TCP packet.
Methodology

The study employs a simulated environment to demonstrate the exploitation of weaknesses in the Modbus protocol. Using Scapy, the researchers conduct two primary attacks: infecting the master with malware and executing a man-in-the-middle attack. Scapy, a powerful interactive packet manipulation program written in Python, is used in the paper to craft and send packets of various protocols, capture and analyze network traffic, and simulate network attacks. The malware-on-the-master implementation involves polling coil status from the slave every second and displaying the results on a web page. The man-in-the-middle attack involves modifying data between the master and slave, resulting in the master accepting incorrect information about the slave.

The experimental setup includes a simplified Human Machine Interface (HMI) with a data file and a web page. The data file acts as a substitute for a traditional relational database, while the web page serves as a graphical interface to the data. The attacks manipulate the data after the request/response process between the master and slave, showcasing the vulnerabilities in the Modbus protocol.

Result and Inference

The experiments reveal that both attack methodologies lead to the master accepting inaccurate information about the slave. This outcome is reproducible across various master implementations, emphasizing the critical need for security enhancements in Modbus implementations. The study suggests further exploration of potential attacks on the Modbus protocol and the development of effective detection schemes to bolster the security of Modbus-based networks.

In conclusion, the research highlights the urgent necessity of addressing the vulnerabilities in the Modbus protocol to fortify SCADA systems against cyber threats. By comprehensively understanding and mitigating these weaknesses, organizations can enhance the resilience and security of their industrial control systems.

1.3.7 Analysis of ICS and SCADA Systems Attacks Using Honeypots
Introduction

Industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems are the backbone of critical infrastructure, managing everything from power grids to water treatment plants. However, their growing interconnectedness makes them prime targets for cyberattacks, potentially causing widespread disruption and endangering public safety. This research addresses this critical issue by exploring the use of honeypots (decoy systems) to improve security in ICS and SCADA environments. By analyzing attacker behavior within these honeypots, the authors aim to gain valuable insights into current threats and develop more effective defense strategies for these vital systems.

Honeypots for ICS and SCADA Security

The authors propose using honeypots as a way to improve defense-in-depth security for ICS and SCADA systems. Honeypots are decoy computer systems designed to mimic real systems and lure attackers away from legitimate targets. By deploying honeypots, ICS and SCADA system operators can gain valuable insights into attacker tactics, techniques, and procedures (TTPs). This information can be used to improve the security of real systems by identifying vulnerabilities, strengthening defenses, and developing targeted detection and mitigation strategies.

Methodology

The honeypot deployment was conducted within a controlled ICS/SCADA testbed, mimicking real-world functionality without endangering critical infrastructure. The authors used the OT honeypot Conpot, deployed alongside the running architecture and PLCs. Conpot supports multiple SCADA protocols and can emulate a variety of PLCs from major industry-leading brands. They installed Conpot on multiple virtual machines, each emulating a different PLC and assigned a unique public IP address, then collected the logs and assessed the honeypots.

1.3.8 Results and Conclusion

The honeypots were active for a span of 30 days. From the one month of analysis, the protocols focused on were HTTP, SNMP, Modbus, BACnet, and S7Comm. From the initial analysis it was found that hundreds of IP addresses were detected from different countries, with France having the highest number with 778 IP addresses, followed by China with 750 IP addresses. On deeper analysis, the ports per IP address were seen to be the highest for Port 201 with the HTTP protocol, followed by Port 24 with SNMP.

Honeypot type     Open ports
Siemens S7-200    80, 22, 161, 502, 623, 102 and 6009
Siemens S7-300    20, 22, 502, 161 and 102
Table 1.2: Honeypot open ports

Industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems are prime targets for cyberattacks due to their critical role in infrastructure and industry. Their legacy design makes them vulnerable to malware, unauthorized access, and denial-of-service attacks. Compromised systems can cause disruption, theft, or even loss of life. Strong security measures like network segmentation, secure remote access, and regular updates are crucial.

To further mitigate risks, organizations can utilize honeypots (decoy systems) to understand attacker behavior and vulnerabilities. By deploying honeypots in controlled environments, security professionals can identify new attack techniques and improve real system security through patching and stronger measures. However, honeypots can also attract attackers, so secure deployment and close monitoring are essential.
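The per-protocol and per-source tallies reported above are the kind of summary an operator derives from honeypot logs. The following Python is an added example, not code from this report or from the cited paper: it parses a constructed, simplified one-line-per-connection log format (assumed for illustration; it is not Conpot's native log layout) and counts distinct sources per protocol, destination ports touched per source, the busiest port, and any Modbus write attempts, which a decoy PLC should never receive.

```python
"""Summarise constructed honeypot connection logs (added example, not the
report's or the cited paper's code). The one-line-per-connection format
below is assumed for illustration and is not Conpot's native log layout."""
import re
from collections import Counter, defaultdict

# Constructed sample log lines (documentation-range addresses, not real data).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z modbus 203.0.113.5:50213 -> 502 read_coils
2024-03-01T10:00:04Z http 203.0.113.5:50214 -> 80 GET
2024-03-01T10:00:09Z s7comm 198.51.100.7:41000 -> 102 connect
2024-03-01T10:01:30Z snmp 198.51.100.7:41001 -> 161 get
2024-03-01T10:02:00Z modbus 192.0.2.44:60000 -> 502 write_single_coil
2024-03-01T10:02:05Z http 203.0.113.5:50215 -> 80 GET
2024-03-01T10:03:11Z bacnet 192.0.2.44:60001 -> 47808 who_is
2024-03-01T10:03:20Z malformed line that should be skipped
2024-03-01T10:04:00Z http 198.51.100.7:41002 -> 80 GET
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>\w+) (?P<src_ip>[\d.]+):(?P<src_port>\d+) -> "
    r"(?P<dst_port>\d+) (?P<action>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None so bad lines are skipped."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["src_port"] = int(event["src_port"])
    event["dst_port"] = int(event["dst_port"])
    return event


def events(log_text):
    return [e for e in map(parse_line, log_text.splitlines()) if e]


def summarize(log_text):
    """Counts of the same kind as the paper's analysis: distinct sources per
    protocol, destination ports touched per source, and the busiest port."""
    ips_per_proto = defaultdict(set)
    ports_per_ip = defaultdict(set)
    hits_per_port = Counter()
    evs = events(log_text)
    for e in evs:
        ips_per_proto[e["proto"]].add(e["src_ip"])
        ports_per_ip[e["src_ip"]].add(e["dst_port"])
        hits_per_port[e["dst_port"]] += 1
    return {
        "events": len(evs),
        "unique_sources": len(ports_per_ip),
        "ips_per_protocol": {p: len(s) for p, s in ips_per_proto.items()},
        "ports_per_ip": {ip: sorted(p) for ip, p in ports_per_ip.items()},
        "busiest_port": hits_per_port.most_common(1)[0][0] if hits_per_port else None,
    }


def write_attempts(log_text):
    """Sources that sent Modbus write requests: a decoy PLC should never be
    written to, so these are the events to review first."""
    return sorted({e["src_ip"] for e in events(log_text)
                   if e["proto"] == "modbus" and e["action"].startswith("write")})


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print("Modbus writes from:", write_attempts(SAMPLE_LOG))
```

Malformed lines are dropped rather than raising, since a honeypot log collected over a month will contain partial or garbled entries; the write-attempt list is kept separate because it is the one signal that needs no statistical context to be actionable.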

1.4 Problem under investigation

The integration of Supervisory Control and Data Acquisition (SCADA) and Operational Technology (OT) systems with the Internet of Things (IoT) and broader Information Technology (IT) landscapes has introduced unprecedented cybersecurity challenges. These critical infrastructure systems, responsible for essential industrial processes like manufacturing, water treatment, and electricity distribution, are increasingly vulnerable to cyber threats due to their growing interconnectedness and reliance on legacy technologies. Moreover, the geographical dispersion of OT/SCADA systems complicates the implementation of effective physical security measures. The consequences of successful cyber attacks on OT/ICS (Industrial Control Systems) range from operational disruptions to environmental degradation and safety risks, highlighting the urgent need to strengthen defenses and provide personnel with cybersecurity expertise.

This project investigates innovative strategies to enhance cybersecurity awareness and practical skills in the OT/ICS domain through a gamified platform hosted on a Raspberry Pi. This training platform embeds relevant and frequent OT/ICS vulnerabilities, allowing students or players to learn through challenges and labs focused on these vulnerabilities.
Chapter 2

Theory

2.1 Introduction

ICS and SCADA systems are the core of an approachable learning platform designed for anyone interested in industrial cybersecurity. This project uses a Raspberry Pi to host a susceptible PLC, providing an affordable substitute for more traditional and costly hardware. The principal objective is to augment security consciousness by accentuating susceptibilities and possible hazards linked to SCADA and ICS systems. In the end, the initiative teaches participants about the value of strong cybersecurity practices in industrial settings by giving them a safe space to investigate and exploit vulnerabilities. Capture the Flag (CTF) tasks are used in a gamified manner to help with learning.

2.2 Methodology

The methodology employed in this platform is centered around a comprehensive operational framework depicted in Figure 2.1, with the Raspberry Pi serving as the hosting hub for specific services critical to industrial operations, including the Programmable Logic Controller (PLC), Visualization, ScadaBR, and TUI Menu. The PLC assumes a central role, managing industrial processes by regulating machine values according to programmed instructions, while ScadaBR provides an administrative interface for manual oversight and intervention. The Visualization component offers a visual depiction of the industrial landscape, not only displaying operational status but also issuing alerts in case of potential threats or malfunctions. The TUI Menu facilitates navigation through challenges and labs focused on Operational Technology (OT) security, providing descriptions and hints to participants. Furthermore, the platform adopts a proactive security testing approach, simulating attacks on the PLC and ScadaBR, with Visualization serving as a real-time indicator of attack status and severity. Through this methodology, the platform aims to simulate real-world industrial scenarios and cultivate a learning environment aimed at enhancing OT security expertise.

Figure 2.1: Block Diagram of the approach
2.2.1 OpenPLC

OpenPLC serves as a pivotal resource for researchers investigating ICS/SCADA security within virtual environments, providing a simulated platform for experimentation without the risks associated with real-world infrastructure. This invaluable tool enables the configuration and programming of virtual PLCs that closely mimic their real-world counterparts, facilitating controlled experiments and vulnerability assessments while safeguarding against potential disruptions and safety hazards. Leveraging the power of OpenPLC, investigators can conduct comprehensive analyses of attacker techniques and test security measures within a realistic ICS/SCADA simulation environment. Notably, the project has embraced the utilization of ladder logic programming within the industrial cybersecurity learning platform, as it facilitates the development of logical circuits governing PLC behavior effectively. This integration enhances the platform's capabilities and contributes to a deeper understanding of industrial control system security.

Figure 2.2: OpenPLC environment and Ladder Logic

2.2.2 ScadaBR

ScadaBR, an open-source Supervisory Control and Data Acquisition (SCADA) system, is essential in the implementation of our project, particularly in the context of programming the PLC via OpenPLC. Serving as a crucial component of our operations, ScadaBR provides a robust and adaptable platform for monitoring and controlling a diverse range of industrial processes. Acting as the Human-Machine Interface (HMI), ScadaBR integrates with OpenPLC, enabling communication and data exchange with the PLC. This symbiotic relationship not only enables real-time monitoring and control but also grants access to historical data values, significantly enhancing the platform's analytical capabilities and strengthening security awareness. Through ScadaBR's dynamic and user-friendly interface, users are empowered to explore the complexities of industrial cybersecurity, nurturing a comprehensive understanding of system dynamics. Its clear visualization of PLC-controlled processes enriches the educational experience, facilitating deeper insights and equipping users with the skills to navigate the complexities of industrial automation proficiently.

Thus, the strategic partnership between ScadaBR and OpenPLC forms the foundation of our project, propelling us towards unparalleled efficacy in comprehending and optimizing industrial control systems.

Figure 2.3: ScadaBR running on localhost

2.2.3 Visualisation

The visualization we have developed is a web page interface designed to provide live updates on the status of machines and valves within an industry setting. This interface offers a comprehensive overview, displaying all relevant machines and their corresponding values in a single, easily accessible frame.

The webpage is constructed using HTML, CSS, and JavaScript. The data for each machine and valve is retrieved from an API provided by a simulation virtual machine (VM). This simulation VM, in turn, obtains its data directly from the Programmable Logic Controller (PLC).

Figure 2.4: Visualisation web page

A JavaScript function is set to periodically fetch data from the API and update the HTML page accordingly. We have established separate threshold values for each machine and valve. If the value for any machine exceeds its threshold, a smoke effect is triggered on the corresponding machine in the visualization, accompanied by an alert sound. This serves as a warning signal indicating potential danger or suggesting that the machine or industry may be under attack.

2.2.4 TUI Menu

The Terminal User Interface (TUI) is a user-friendly interface developed for interacting with our computer programme or system via a text-based command line. The structure and user interface of the programme are purely text-based, rendered as a visual layout in the terminal. The TUI, which enables effective keyboard communication, is the main interface via which users interact with and manage our platform. Users can choose from a variety of challenges and options through the TUI, providing diverse interaction methods with our hardware. The Terminal User Interface (TUI) has been developed using C programming and VT escape sequences. It is accessed using standard serial communication programs like PuTTY and Screen and has been embedded into the hardware.

Figure 2.5: TUI on PuTTY
Chapter 3

Results and Discussion

3.1 Challenges
3.1.1 Challenge 1: Brute Force

Figure 3.1: Brute-force attack taking place on the ScadaBR login page

In a brute force attack, an attacker systematically tries all possible combinations of passwords until they find the correct one. This method is often used when there is no other way to gain access to a system. The goal is to find the correct password by trying out different combinations, which can be time-consuming but effective if the password is weak. To automate the process of entering passwords, we can use Python to emulate keypresses, as shown in Figure 3.2. The script iterates through a text file containing a list of vulnerable/leaked passwords and enters each one in turn. The inference from this attack is that in real-world scenarios, strong password policies and multi-factor authentication (MFA) are crucial in preventing successful brute force attacks.

Figure 3.2: The Python script used to execute the brute-force attack
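The countermeasure side of this challenge is detecting the burst of failed logins before the password list is exhausted. The following Python is an added example, not the report's brute-force script: it applies a sliding-window failure counter per source address to constructed HMI login log lines (the log format, user names and addresses are assumptions) and marks a source whose burst was followed by a successful login as the highest priority, since that is the case where a lockout policy or MFA would have mattered.

```python
"""Brute-force login detection over constructed HMI login logs (added example,
not the report's attack script). Log format and addresses are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a rapid burst of failures then a success from one host,
# and two widely spaced mistakes from a legitimate operator.
SAMPLE_LOG = [
    "2024-03-01 09:00:00 FAIL admin 192.0.2.10",
    "2024-03-01 09:00:01 FAIL admin 192.0.2.10",
    "2024-03-01 09:00:02 FAIL admin 192.0.2.10",
    "2024-03-01 09:00:03 FAIL admin 192.0.2.10",
    "2024-03-01 09:00:04 FAIL admin 192.0.2.10",
    "2024-03-01 09:00:05 OK admin 192.0.2.10",
    "2024-03-01 09:10:00 FAIL operator 198.51.100.3",
    "2024-03-01 09:20:00 FAIL operator 198.51.100.3",
    "2024-03-01 09:30:00 OK operator 198.51.100.3",
]


def parse(line):
    date, clock, result, user, ip = line.split()
    return datetime.fromisoformat(f"{date}T{clock}"), result, user, ip


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: details} for every source that accumulated
    `threshold` failed logins inside any `window`-long sliding interval.
    A later successful login from a flagged source is recorded, since a
    success after a burst means the password list contained the password."""
    recent = defaultdict(deque)  # per-source timestamps of recent failures
    alerts = {}
    for ts, result, user, ip in map(parse, lines):
        if result == "FAIL":
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:  # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"first_alert": ts, "user": user, "success_after": False}
        elif result == "OK" and ip in alerts:
            alerts[ip]["success_after"] = True
    return alerts


def triage(alerts):
    """Order flagged sources so bursts that ended in a successful login come first."""
    return sorted(alerts, key=lambda ip: (not alerts[ip]["success_after"],
                                          alerts[ip]["first_alert"]))


if __name__ == "__main__":
    found = detect_bruteforce(SAMPLE_LOG)
    for ip in triage(found):
        print(ip, found[ip])
```

The window and threshold are the same two numbers an account-lockout policy would use, so the detector doubles as a way to test a proposed policy against recorded logs before enforcing it on the HMI.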
3.1.2 Challenge 2: HMI Interface Familiarisation

The HMI (Human-Machine Interface) serves as the bridge between human operators and industrial processes. It provides a graphical representation of the plant's status, control options, and real-time data. The HMI serves as a critical repository for various data related to industrial processes. Within its digital confines, it encapsulates essential insights that drive plant operations. Sensor readings, originating from strategically positioned sensors throughout the plant, continuously monitor and record variables such as temperature, pressure, and flow rate. Alarms and events are meticulously logged, providing information about system faults and critical occurrences. Historical trends, depicted through graphs, offer context by illustrating how process variables evolve over time. Configured setpoints and limits guide optimal operation, ensuring efficient performance. Additionally, process descriptions provide detailed information about equipment, pipelines, and components. Lastly, user inputs (parameters set by operators during runtime) dynamically influence the plant's behavior. In summary, the HMI acts as both a repository and an interface, bridging the gap between human operators and the complex machinery of industrial processes.

This challenge includes navigating the HMI, through which we can access various screens, panels, and widgets that reveal critical information about the plant's operation. It includes exploring the HMI interface to find all the data that is stored in the HMI, visualising the data, and also manipulating the plant by changing the state of the PLC through the visualisation that is present inside the HMI.

Figure 3.3: ScadaBR Visualisation (OFF Mode)

Figure 3.4: ScadaBR logged data

3.1.3 Challenge 3: ARP Spoofing

In an ARP spoofing attack, an adversary sends forged ARP messages to other devices on the network. These messages falsely associate the attacker's MAC address with the IP address of another legitimate device. Consequently, traffic intended for the legitimate device gets redirected to the attacker's machine. This interception of network traffic allows the attacker to act as a man-in-the-middle (MITM). This challenge involves sending ARP packets in the name of the ScadaBR IP by acting as a man in the middle.

Figure 3.5: Sending ARP packets on the HMI's IP

Figure 3.6: Visualising the PLC response

The result of this is that the PLC responds to the attacker's machine as if it were the HMI, giving away information which could be manipulated by the attacker.
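A defender catches this attack by watching for an IP-to-MAC binding that changes, or for a single MAC that answers for both the HMI and the PLC. The following Python is an added example, not part of the platform: it implements an arpwatch-style watcher over a constructed sequence of observed ARP replies (all addresses are assumptions) and reports binding changes and MACs that claim more than one IP.

```python
"""ARP binding watcher (added example, not the platform's code). The static
HMI/PLC bindings and the observed replies below are assumptions."""


class ArpWatcher:
    """Keeps the first-seen (or statically configured) MAC for each IP and
    flags any reply that claims a different MAC for that IP, in the manner of
    arpwatch-style monitors."""

    def __init__(self, static_bindings=None):
        self.expected = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
        self.last_seen = {}
        self.alerts = []

    def observe(self, ip, mac):
        """Feed one observed ARP reply; returns an alert dict or None."""
        mac = mac.lower()
        self.last_seen[ip] = mac
        known = self.expected.get(ip)
        if known is None:
            self.expected[ip] = mac  # learn the first binding for this IP
            return None
        if mac != known:
            alert = {"ip": ip, "expected": known, "seen": mac}
            self.alerts.append(alert)
            return alert
        return None

    def mac_claims(self):
        """Map each MAC to the IPs it currently answers for."""
        claims = {}
        for ip, mac in self.last_seen.items():
            claims.setdefault(mac, set()).add(ip)
        return claims

    def suspicious_macs(self):
        """MACs answering for more than one IP: the footprint of a host
        impersonating both ends of an HMI-to-PLC conversation."""
        return sorted(mac for mac, ips in self.mac_claims().items() if len(ips) > 1)


# Constructed ARP replies: HMI and PLC answer normally, then a third MAC
# claims both addresses.
SAMPLE_REPLIES = [
    ("192.168.1.10", "aa:bb:cc:00:00:10"),  # HMI (ScadaBR host, assumed address)
    ("192.168.1.20", "aa:bb:cc:00:00:20"),  # PLC (assumed address)
    ("192.168.1.10", "aa:bb:cc:00:00:10"),
    ("192.168.1.10", "de:ad:be:ef:00:01"),  # HMI IP claimed by another MAC
    ("192.168.1.20", "de:ad:be:ef:00:01"),  # same MAC also claims the PLC IP
]


def run(replies, static_bindings=None):
    """Replay a list of (ip, mac) replies; returns the watcher and its alerts."""
    watcher = ArpWatcher(static_bindings)
    alerts = [a for a in (watcher.observe(ip, mac) for ip, mac in replies) if a]
    return watcher, alerts


if __name__ == "__main__":
    w, found = run(SAMPLE_REPLIES)
    for a in found:
        print("binding change:", a)
    print("MACs claiming several IPs:", w.suspicious_macs())
```

Passing static bindings for the HMI and PLC removes the learning phase, which matters because a watcher that starts after the spoofing has begun would otherwise learn the attacker's MAC as the legitimate one.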

3.1.4 Challenge 4: Modbus Injection

This challenge involves obtaining the PLC server IP and Modbus network details from Wireshark, including the operation (such as write coils), the coil value, the address value, etc., and using tools like Metasploit in order to implement the injection. Metasploit, a powerful penetration testing framework, offers a comprehensive suite of tools for exploiting vulnerabilities in various systems. By leveraging Metasploit's command-line interface, we can orchestrate attacks targeting PLCs. With Metasploit's robust capabilities, the attacker gains precise control over the exploitation process. By selecting an exploit module tailored to the identified vulnerabilities within the PLC system, they can efficiently manipulate its functionality to their advantage. Here in Figure 3.7 we tailor the host IP, operation, address and write coil number to our requirement to turn off the plant.

Figure 3.7: Modbus injection using Metasploit

Figure 3.8: Modbus injection changing the state of the PLC
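Both this challenge and the Modbus TCP packet structure discussed in Section 1.3.6 (Figure 1.6) come down to the same frame: the MBAP header (transaction id, protocol id, length, unit id) followed by a function code and its data. The following Python is an added example, not the report's Scapy or Metasploit usage: it parses constructed Modbus/TCP request frames and applies a simple policy that alerts on any write function code (05, 06, 15, 16) from a source other than the authorised master. The master address and the frames are assumptions.

```python
"""Modbus/TCP frame parser with a write-policy check (added example, not the
report's Scapy or Metasploit usage). The authorised master address and the
sample frames are assumptions."""
import struct

FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}
WRITE_FUNCTIONS = {5, 6, 15, 16}


class ModbusError(ValueError):
    """Raised for frames that do not follow the MBAP header rules."""


def parse_frame(frame):
    """Decode the MBAP header (transaction id, protocol id, length, unit id)
    and the PDU (function code + data) of one Modbus/TCP request."""
    if len(frame) < 8:
        raise ModbusError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ModbusError(f"protocol id {pid} is not Modbus")
    if length != len(frame) - 6:  # length counts unit id + PDU
        raise ModbusError(f"length field {length} disagrees with frame size {len(frame)}")
    fc, data = frame[7], frame[8:]
    info = {"transaction_id": tid, "unit_id": unit, "function_code": fc,
            "function": FUNCTION_NAMES.get(fc, "unknown"), "is_write": fc in WRITE_FUNCTIONS}
    if fc in (1, 2, 3, 4, 5, 6):
        if len(data) < 4:
            raise ModbusError("PDU data too short for address and value/count")
        addr, word = struct.unpack(">HH", data[:4])
        info["address"] = addr
        if fc == 5:
            info["coil_on"] = word == 0xFF00  # 0xFF00 = ON, 0x0000 = OFF
        elif fc == 6:
            info["value"] = word
        else:
            info["count"] = word
    return info


def check_policy(src_ip, frame, authorised_masters):
    """Alert when a write function code arrives from anyone other than the
    authorised master(s); reads, and writes from the master, pass."""
    info = parse_frame(frame)
    if info["is_write"] and src_ip not in authorised_masters:
        return {"verdict": "ALERT",
                "reason": f"{info['function']} from unauthorised source {src_ip}", **info}
    return {"verdict": "OK", **info}


# Constructed frames (hex grouped per field: tid, pid, len, unit, fc, data).
READ_COILS_FRAME = bytes.fromhex("0001" "0000" "0006" "01" "01" "0000" "0008")
WRITE_COIL_OFF_FRAME = bytes.fromhex("0002" "0000" "0006" "01" "05" "0000" "0000")
AUTHORISED_MASTERS = {"192.168.1.10"}  # assumed address of the ScadaBR/HMI host

if __name__ == "__main__":
    print(check_policy("192.168.1.10", READ_COILS_FRAME, AUTHORISED_MASTERS))
    print(check_policy("192.168.1.99", WRITE_COIL_OFF_FRAME, AUTHORISED_MASTERS))
```

The length check is what catches truncated or padded frames before the PDU is interpreted; the source-based policy is deliberately coarse, since Modbus itself carries no authentication and the only trustworthy attribute of a request on the wire is where it came from.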

3.1.5 Challenge 5: Malicious Code Injection

This attack makes use of malicious code injected into the PLC, which in turn manipulates the PLC's control logic, causing the system to deviate from its intended operation. As a consequence, the pressure within the chamber, controlled by the PLC, surpasses the normal threshold value, which results in the blasting of the chamber. For visualisation, the simulation constantly updates to reflect the evolving conditions. Initially, the PLC operates within expected parameters. However, as the malicious code takes effect, the simulation depicts deviations from normal. Pressure readings increase uncontrollably. Ultimately, the simulation portrays the critical moment when the pressure exceeds the threshold, leading to the chamber's explosion, through a siren sound and a smoke visual.

Figure 3.9: OpenPLC Server

Figure 3.10: Chemical Plant Blast
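Both the visualization rule of Section 2.2.3 (a per-machine threshold that triggers the smoke effect and alarm) and the pressure excursion in this challenge are instances of one monitor. The following Python is an added example, not the platform's own visualization code: it evaluates constructed PLC readings against per-machine limits and additionally flags an abnormal rate of rise, so the excursion is reported before the limit is crossed. Machine names, limits and readings are assumptions.

```python
"""Threshold and rate-of-rise monitor for PLC process values (added example,
not the platform's visualization code). Machine names, limits and the sample
scans are constructed for illustration."""
from collections import deque

# Assumed per-machine limits, in the same spirit as the visualization's thresholds.
THRESHOLDS = {"reactor_pressure": 150.0, "tank_level": 90.0, "valve_temp": 80.0}


class ProcessMonitor:
    def __init__(self, thresholds, rise_window=3, max_rise=10.0):
        self.thresholds = thresholds
        self.max_rise = max_rise
        # last `rise_window` samples per machine, for the trend check
        self.history = {k: deque(maxlen=rise_window) for k in thresholds}

    def evaluate(self, readings):
        """readings: {machine: value} for one PLC scan.
        Returns a list of (machine, level, message) alarms for that scan."""
        alarms = []
        for machine, value in readings.items():
            limit = self.thresholds.get(machine)
            if limit is None:
                alarms.append((machine, "WARN", "reading for unknown machine"))
                continue
            hist = self.history[machine]
            hist.append(value)
            if value > limit:
                alarms.append((machine, "CRITICAL", f"{value} exceeds limit {limit}"))
            elif len(hist) == hist.maxlen and hist[-1] - hist[0] > self.max_rise:
                alarms.append((machine, "WARN",
                               f"rose {hist[-1] - hist[0]:.1f} over last {hist.maxlen} samples"))
        return alarms


# Constructed scans: pressure climbs steadily after the logic is altered,
# then passes the limit.
SAMPLE_SCANS = [
    {"reactor_pressure": 100.0, "tank_level": 50.0},
    {"reactor_pressure": 102.0, "tank_level": 50.0},
    {"reactor_pressure": 104.0, "tank_level": 51.0},
    {"reactor_pressure": 120.0, "tank_level": 51.0},
    {"reactor_pressure": 140.0, "tank_level": 51.0},
    {"reactor_pressure": 160.0, "tank_level": 51.0},
]


def run(scans, thresholds=THRESHOLDS):
    """Feed scans in order; returns [(scan_index, alarms), ...]."""
    mon = ProcessMonitor(thresholds)
    return [(i, mon.evaluate(scan)) for i, scan in enumerate(scans)]


if __name__ == "__main__":
    for i, alarms in run(SAMPLE_SCANS):
        for machine, level, msg in alarms:
            print(f"scan {i}: {level} {machine}: {msg}")
```

On the constructed scans the rate-of-rise warning fires two scans before the threshold alarm, which is the margin an operator needs to intervene in a process that the PLC is no longer regulating correctly.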

3.2 Integrating Raspberry Pi

In our project, we integrated the Raspberry Pi by dockerizing all processes, including those for the PLC, HMI, and simulation, due to the Raspberry Pi's inability to run virtual machines. This approach optimized resource usage and ensured efficient performance. Upon powering up, each container starts simultaneously, enabling users to promptly access necessary IPs and pre-installed tools for a seamless learning experience. By packaging the setup into a Raspberry Pi image file, users can easily deploy the platform on any Raspberry Pi device, eliminating manual configuration. This integration forms the foundation of our gamified platform for OT security, prioritizing accessibility and usability through streamlined processes and user-friendly deployment methods.

Figure 3.11: Integrating Raspberry Pi
Chapter 4

Summary, conclusions and scope for further research

4.1 Summary and conclusions

The modern industrial operations landscape presents previously unheard-of cybersecurity challenges as it integrates Supervisory Control and Data Acquisition (SCADA) and Operational Technology (OT) with the Internet of Things (IoT) and broader Information Technology (IT). These systems are the foundation of critical processes in these operations. SCADA and OT systems are vulnerable to cyber attacks due to their extended life cycles and dependence on legacy technology. This vulnerability is further compounded by their distant and sometimes isolated locations. A ground-breaking concept has arisen in recognition of the urgent need for efficient cybersecurity measures to protect against possible threats.

Our project addresses the critical need for increased cybersecurity awareness and proficiency in the SCADA and OT domains. We have developed an accessible learning environment that encourages dynamic engagement and interactive education for participants. The innovative use of Raspberry Pi facilitates the simulation of OT/ICS systems, providing a safe space for beginners to understand vulnerabilities and potential cyber threats. Our custom gamified platform enhances the educational process, offering a practical solution to bridge the knowledge gap in this crucial field.

By integrating OpenPLC and ScadaBR, our project goes beyond traditional training methods. It incorporates practical experiences for learners by integrating challenges such as web-based attacks on SCADA interfaces, analyses of Modbus communication, and malicious code injection attacks. This not only raises awareness of the consequences of inadequate security protocols but also equips individuals with the necessary skills to protect vital infrastructure. The inclusion of the Terminal User Interface (TUI), the Visualization interface, and diverse challenges ensures accessibility, customization, and a thorough understanding of industrial cybersecurity.

Our project represents an advanced response to the growing threats to SCADA and OT systems cybersecurity. Our goal is to create a resilient community that can manage the constantly changing cyber threat environment within vital industrial infrastructure by transforming education through our gamified platform. This project not only satisfies the demand for cybersecurity education through hands-on learning opportunities but also revolutionizes the field and develops a community ready to take on the difficulties of safeguarding industrial processes in a connected world.
4.2 Future Work

Our cybersecurity training platform can be enhanced by refining its gamification elements to boost user engagement and motivation. Integrating an LCD display with the Raspberry Pi can provide users with real-time error logs, enhancing their learning experience. By incorporating features like leaderboards, badges, and reward systems, active participation and learning can be encouraged. Furthermore, expanding our training modules by adding more challenges and labs to cover a wider range of vulnerabilities and industry-specific use cases ensures that our platform remains up-to-date with the latest cybersecurity trends. This equips users with the necessary skills to safeguard industrial systems against evolving threats. Moreover, integrating additional microcontrollers such as the ESP32 presents opportunities to craft a broader range of advanced challenges, offering users a deeper understanding of the diverse challenges faced by OT/ICS systems. This can help simulate real-world situations and prepare users for handling complex cyber threats effectively.
References

[1] Makrakis, G. M., Katsikas, S. K., and Gritzalis, S. (2021). Vulnerabilities and attacks against industrial control systems and critical infrastructures. arXiv preprint arXiv:2109.03945.

[2] Parian, C., Guldimann, T., and Bhatia, S. (2020). Fooling the master: Exploiting weaknesses in the Modbus protocol. Procedia Computer Science, 171, 2453-2458.

[3] Mesbah, M., Hanafy, M., Abdellatif, A., and Amin, T. (2023). Analysis of ICS and SCADA Systems Attacks Using Honeypots. Future Internet, 15(7), 241.

[4] Ramirez, R., Chang, C.-K., and Liang, S.-H. (2022). PLC Cyber-Security Challenges in Industrial Networks. In 2022 18th IEEE/ASME International Conference on Mechatronic and Embedded Systems and Applications (MESA), pages 1-6.

[5] Nieto-Escamez, F. A. and Roldán-Tapia, M. D. (2021). Gamification as Online Teaching Strategy During COVID-19: A Mini-Review. Frontiers in Psychology, 12:648552.

[6] Antonioli, D. et al. (2017). Gamifying ICS Security Training and Research: Design, Implementation, and Results of S3. In Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and Privacy.

[7] Ashley, T. D. et al. (2022). Gamification of Cybersecurity for Workforce Development in Critical Infrastructure. IEEE Access, 10:112487-112501.

[8] AlMedires, M. and AlMaiah, M. (2021). Cybersecurity in Industrial Control System (ICS). In 2021 International Conference on Information Technology (ICIT). IEEE.

[9] Mathur, A. P. and Tippenhauer, N. O. (2016). SWaT: A Water Treatment Testbed for Research and Training on ICS Security. In 2016 International Workshop on Cyber-Physical Systems for Smart Water Networks (CySWater). IEEE.

[10] Alanazi, M., Mahmood, A., and Chowdhury, M. J. M. (2023). SCADA Vulnerabilities and Attacks: A Review of the State-of-the-Art and Open Issues. Computers & Security, 125:103028.