Simulation and defence
Three environments built from the conditions the incident record describes: unauthenticated protocols, unrestricted boundary crossings, and the gap between what monitoring shows and what the process is doing.
The workbench builds a boundary from nothing, brief by brief, and tests it from both directions. The smart grid simulation makes the consequences of a breached boundary visible on a live dashboard. The ICS access lab works through the full attack surface across five zones: credential chains, unauthenticated protocol surfaces, historian vulnerabilities, and persistent southbound access.
None of them will ever be finished. The threat landscape moves. Some things do not: the protocols these environments exercise have not changed meaningfully since they were specified. That is not a gap in the modelling. It is what the modelling is of.