Simulated operative process: Monitoring of tank level


This blog has been created as part of the subject «Bacheloroppgave med vitenskapsteori og metode», where I will be posting updates on my bachelors project. To find out more about my project you can read the introduction from my pre project report, which I finished today.  You can find the complete document attached in this post, or you can read the Problem definition and background below.

Pre project report


Problem definition and background

In 2010 the uncovering of the Stuxnet-attack shocked the whole world. The complex computer worm was used as a weapon causing havoc on the Iranian uranium enrichment facility in Natanz. By targeting the PLC’s that control the electromechanical components in the facility, it was able to destroy several centrifuges by causing them to burn themselves out. (McAfee, n.d.)

The malware was using undiscovered weaknesses in windows software to spread from USB-sticks to various Microsoft computers. Once the malware was on the computer it searched for a specific Siemens PLC software. From the PLC it was able to manipulate the speed of the centrifuges, periodically spinning the centrifuges too fast while manipulating the feedback so that the operators believed everything was fine. This made the virus practically invisible. (The New Jersey Cybersecurity and Communications Integration Cell, 2017)

This first of its kind attack paved the way for a wave of similarly functioning malwares often referred to as “sons of Stuxnet”.  Some of these include Duqu, Flame, Havex, BlackEnergy, Industroyer, Triton and most recently in 2018, an unnamed malware also attacking Iran. The threat from these kinds of attacks is severe. They can be used to target critical infrastructure such as, powerplants as seen in Iran, they can be used to hit the electrical grids, water treatment facilities, military equipment and more. (McAfee, n.d.) As a matter of fact, Duqu has been observed in energy facilities in eight different countries and both Industroyer and BlackEnergy has been reported to cause power outages in Ukraine. Blackenergy left 1,4 million people without power. (Piggin, 2016)

Since the Stuxnet-attack, the frequency of cyber-attacks has increased. The integration of IT and OT systems has facilitated the problem, making industries more vulnerable to cyber-attacks, both large and small. (Piggin, 2016) One of the most common motivations for cyber-attacks is extorsion and one in four power companies globally has been victim of this. (McAfee, n.d.) Ransomware is a good example of this.

In response to cyber threats such as these, Exera created the cyber security of industrial systems commission in 2013, CT CSI for short. Exera is an association for companies/industries involved in measurement, regulation/control and automation technology. The main purpose of the commission is to monitor the evolution of the legislative and regulatory environment in France, as well as sharing rules of good practice and knowledge of the cybersecurity market. (Commission technique « Cybersécurité des systèmes industriels » Exera, 2020)

To increase awareness among its members and complement efforts undertaken by other security actors, the commission is arranging a hacking tournament. Through discovering security vulnerabilities, the tournament will hopefully contribute to improvements of the equipment from the participating members as well as asses the role of the hardware and software from other suppliers.

A series of objectives for the hackers are defined which relates to the security concerns of the members. Each participant defines and installs an OT-loop which conforms to the standards of Exera. Each OT-loop has its own access and its own equipment, including supervision console, automation/PLC, sensors, actuators and process station simulating an industrial process.

As seen on the figure below, the architecture for the tournament allows direct access to the OT-loop or access via a router which represents a bridge between the IT and OT network. The first scenario is where attackers have direct access to the IT-network. The second scenario is with an additional difficulty, where the attackers have penetrated the company’s IT-network, but still must cross from the IT-to OT network. The attackers in the tournament are selected professional security experts and will try their best to break through the security or discover any vulnerability.

Figure 1: Network schematic of the system. Made using Edraw max and images. (Hipel, n.d.)  (Raspberry Pi, 2020)  (ipc2u, n.d.)

The idea for the project came from a collaboration between IUT and Exera. I will be working on the simulation on the process station and the signal conditioner which interfaces with the I/O module. The name of the project is Simulated operative process: Monitoring of tank, and when it comes to simulations of process systems there are many benefits.

Industrial equipment is incredibly expensive and having the capability of simulating it will lead to great savings and can also give access to systems that previously were too expensive. In a simulation you are in control of every parameter and can easily manipulate and change things in no time. This contrasts to the real world, where for example the changing of physical components can take hours or days and has an associated cost. A simulation has no extra requirement for utilities. No extra water, sewage, power, gas/heat or anything else. It is compact and scalable, allowing multiple systems to be simulated on only one computer. It is safe for the operator and for everyone else, emitting no gasses, fumes or heat, and having no moving parts. The advantages are nearly endless.

To satisfy the requirements of Exera, an industrial solution based on PLC and an industrial network driving and supervising a process is needed. The process itself does not need to be complex, which is why a simple water tank has been chosen. This solution will be very small, can easily be replicated and will allow many participating manufacturers to install their solution in the same room.

IUT is interested in this project because it could be used as a lab exercise for their students, where the students can practice using PID-control (which is part of the curriculum) on the simulated process. An example lab has already been provided from IUT. The lab, as well as a presentation of the tournament and the rules can be found under attachments.

Project objective and tasks

Figure 2: Tank schematic. Made using Edraw max.

The objective of the project is to create a simulation of a water tank on a computer the way described in appendix 2 of the tournament document. It states:

The outflow shall be constant, Dout = Constant. The inflow Din will be randomly selected between Dout/2 and 2*Dout when the valve is open. The height, H is measured continuously by a sensor which provides the information to the plc. If the height is less or equal to Hmin, the plc will command the inflow valve to open. When H is equal to or greater than Hmax, the plc will command the inflow valve to shut. The information about the state of the valve and the flow as well as Hmax and Hmin shall be sent to the plc.  The simulation shall have a graphical display as well, illustrating the state of the tank and its parameters.

The suggested solution by IUT is to use Matlab on the process station in combination with D-space or preferably raspberry pi as the signal processor. There are many possible solutions and robustness of the system is a priority.


Commission technique « Cybersécurité des systèmes industriels » Exera. (2020, January 21). TOURNOI EXERA DE HACKING TESTS D’INTRUSION SUR AUTOMATES ET ÉLÉMENTS ASSOCIÉS.

Hipel. (n.d.). hmi-icon. Retrieved from Hipel.

ipc2u. (n.d.). Softlink Distributed Fieldbus I/O modules. Retrieved from ipc2u:

McAfee. (n.d.). What is Stuxnet. Retrieved from McAfee:

Piggin, R. (2016). Cyber security trends: What should keep CEOs awake at night. Retrieved from ResearchGate:

Raspberry Pi. (2020, 03 13). Retrieved from Wikipedia:

The New Jersey Cybersecurity and Communications Integration Cell. (2017, August 10). Stuxnet. Retrieved from NJCCIC:





One thought on “Simulated operative process: Monitoring of tank level

Legg igjen en kommentar