4.2.1. Testbeds, Simulation and Datasets

As it is typically neither possible nor safe to carry out cyber-security research studies that include attacks on operational cyber–physical systems, researchers have been using testbeds and simulation to reproduce the operation and characteristics of real-world systems. A number of testbed and simulation platforms have been proposed for the security of water systems. Table 4 outlines reported tools that have been used to support security research for water systems, including developing datasets for testing intrusion detection and validating mitigation techniques. The most widely known and reputable of these are the Secure Water Treatment (SWaT) testbed [43] and water distribution testbed (WADI) [44], both of which were implemented and deployed at iTrust Centre for research in cyber-security at Singapore University of Technology and Design [46]. SWaT consists of a six-stage water treatment process: raw water processing, chemical dosing, ultrafiltration, water purification (reverse osmosis) and backwashing [46]. The testbed also includes a real layered communication network consisting of layer 0 (sensors, actuators, PLCs) and layer 1 (SCADA, HMI, workstation and historians) of the Purdue model, using both wired and wireless network protocols. The WADI testbed is composed of set of tanks (e.g., reservoir tanks, consumer tanks, raw and returned water tanks), chemical dosing systems, and supporting equipment for water storage and distribution. WADI was designed as an extension to the SWaT [46] testbed and, by combining the capabilities of both testbeds, researchers were able to form a complete and fully functional water treatment, storage and distribution testbed for security research. Both testbeds were designed with international collaborators and engineers from the water sector and the combination has facilitated investigations that include the cascading effects of cyber-attacks between different components of the two testbeds. Researchers have also provided the cyber-security research community with datasets [45] containing normal operation and attack scenarios to allow detection methods to be evaluated. These datasets are multivariate time-series collected from real-time data sources such as sensors and actuators. One of the widely studied datasets in cyber-security research is the SWaT dataset [50] containing normal data streams collected from 51 sensors and actuators collected over 7 days, and attack data consisting of 41 attacks carried out over a period of 4 days. The WADI dataset [45] contains data from 123 sensors and actuators collected over a period of 14 days, and two days with attacks. Given the care in their design and their uniqueness, it is no surprise that a significant amount of research has been carried out using these testbeds and datasets. The iTrust Centre also runs schemes for other local

and international researchers to request access to testbeds, subject to availability and an hourly charge.

**Table 4.** Testbeds and simulation tools used for cyber-security studies.


Other identified testbeds include WaterBox [51], a small-scale cyber-physical testbed designed as an in-lab facility built using Arduino boards, pressure sensors, flow meters, motorised valves, and acrylic structure to simulate smart water networks to carry out experiments related to water systems research including cyber-security and control optimisation. Teixeira et al. [58] developed a SCADA testbed system designed for controlling a water storage tank, simulating the process of water treatment and distribution, to test developed solutions such as machine learning based cyber attack detection models. This testbed includes a PLC (Schneider model M241CE40), HMI, water tanks, water pumps, valves, and sensors for water levels, and uses Modbus communication protocol. Miciolino et al. [54] reports FACIES testbed, emulating a water supply and distribution system for a fictional city to study security of water systems as part of EU project FACIES. The testbed consists of acrylic water tanks, sensors and actuators that are connected to PLCs (Modicon M340, Schneider), a SCADA system and a HMI. The communication protocol used by SCADA and PLC is Modbus over TCP protocol.

Simulation tools developed to study security of water systems include EPANET [59] based tools: epanetCPA [52,53], a simulation toolbox designed for simulating water distribution networks; and RISKNOUGHT (2018) [55–57] developed by STOP-IT project as a "cyber-physical stress testing platform for water distribution networks" including functionalities to simulate the flow of information between physical (hydraulic model) and cyber layers (SCADA networks).
