Digital Twin Training

# Digital Twin Training ## Installation ## Logging in 1. Make sure you have the VPN access for the Digital Twin 2. To view the HMI please log in to `192.168.2.111` 3. To view the SCADA EWS please log in to `192.168.2.200` ## How to use the Digital Twin ### Launch Digital Twin 1. To start the Digital Twin, please start the following machines first before starting the `SCADA` machine. PLCs > 1. SWaT_Twin_PLC_1 > 2. SWaT_Twin_PLC_2 > 3. SWaT_Twin_PLC_3 > 4. SWaT_Twin_PLC_4 > 5. SWaT_Twin_PLC_5 > 6. SWaT_Twin_PLC_6 RIOs > 1. SWaT_Twin_RIO_1 > 2. SWaT_Twin_RIO_2 > 3. SWaT_Twin_RIO_3 > 4. SWaT_Twin_RIO_4 > 5. SWaT_Twin_RIO_5 > 6. SWaT_Twin_RIO_6 Detectors > 1. AICrit_Detector > 2. Plant Proctect (DAD) Attacks > 1. Attack Desk (for Attacking Purposes) 2. Please start the following once everything has started properly: > 1. SWaT_Twin_EWS_SCADA 3. ![](https://i.imgur.com/cS7mdFS.png) Select `Remote Host` from the `Local host` drop down. 4. ![](https://i.imgur.com/3VJNxIe.png) Wait for the process to finish. 5. If you are prompted to choose please choose yes. ![](https://i.imgur.com/w0P1EHL.png) 6. ![](https://i.imgur.com/8RbpEvs.png) The Digital Twin should be running now. 7. HMI View ![](https://i.imgur.com/w7jRbd5.jpg) ## How to launch attacks 1. Connect to the Digital Twin Network 2. import `run_attack_api.py` and `attack_opcua.py` 3. call `run_attack()` function. Example: ```python= from run_attack_api import * from attacks_opcua import * run_attack(MV301, set_actuator_state(VALVE_CLOSE), true_condition) run_attack(MV502, set_actuator_state(VALVE_CLOSE), true_condition) run_attack(LIT602, set_constant(1100), true_condition) run_attack(P602, set_actuator_state(PUMP_STOP), true_condition) ``` or 1. run `FLASK_APP=flask_server.py FLASK_ENV=development flask run --host=0.0.0.0` 2. From there there should be a web-based GUI to start running attacks 3. ![](https://i.imgur.com/cbRA71V.png) 4. ![](https://i.imgur.com/zQCdLFI.png) [When you cliuck on Add Attack] 5. ![](https://i.imgur.com/xc2QXtt.png) [when you click designer] 6. ![](https://i.imgur.com/2myhho2.png) [Click the play button to start, click the stop button to stop the attack] # List of possible attackable variables ## NOTES - For MV it's either `VALVE_CLOSE` or `VALVE_OPEN` - For Pump it's either `PUMP_STOP` or `PUMP_RUN - For Sensors it's `set_constant` ```python= # this can be found in attack_opcua.py # --- SENSORS --- # LIT101 = SensorOPC(name="LIT101", plc_num=1) FIT101 = SensorOPC(name="FIT101", plc_num=1) FIT102 = SensorOPC(name="FIT201", plc_num=1) AIT201 = SensorOPC(name="AIT201", plc_num=2) AIT202 = SensorOPC(name="AIT202", plc_num=2) AIT203 = SensorOPC(name="AIT203", plc_num=2) LIT201 = SensorOPC(name="LIT201", plc_num=2) LIT202 = SensorOPC(name="LIT202", plc_num=2) LIT203 = SensorOPC(name="LIT203", plc_num=2) FIT301 = SensorOPC(name="FIT301", plc_num=3) LIT301 = SensorOPC(name="LIT301", plc_num=3) DPIT301 = SensorOPC(name="DPIT301", plc_num=3) AIT301 = SensorOPC(name="AIT301", plc_num=3) AIT302 = SensorOPC(name="AIT302", plc_num=3) AIT303 = SensorOPC(name="AIT303", plc_num=3) LIT401 = SensorOPC(name="LIT401", plc_num=4) FIT401 = SensorOPC(name="FIT401", plc_num=4) AIT401 = SensorOPC(name="AIT401", plc_num=4) AIT402 = SensorOPC(name='AIT402', plc_num=4) AIT501 = SensorOPC(name="AIT501", plc_num=5) AIT502 = SensorOPC(name="AIT502", plc_num=5) AIT503 = SensorOPC(name="AIT503", plc_num=5) PIT501 = SensorOPC(name="PIT501", plc_num=5) PIT502 = SensorOPC(name="PIT502", plc_num=5) PIT303 = SensorOPC(name="PIT303", plc_num=5) # ? AIT504 = SensorOPC(name="AIT504", plc_num=5) FIT501 = SensorOPC(name="FIT501", plc_num=5) FIT502 = SensorOPC(name="FIT502", plc_num=5) FIT503 = SensorOPC(name="FIT503", plc_num=5) FIT504 = SensorOPC(name="FIT504", plc_num=5) FIT601 = SensorOPC(name="FIT601", plc_num=6) LIT601 = SensorOPC(name="LIT601", plc_num=6) LIT602 = SensorOPC(name="LIT602", plc_num=6) # --- ACTUATORS --- # P101 = ActuatorOPC(name="P101_C", plc_num=1) P102 = ActuatorOPC(name="P102_C", plc_num=1) MV101 = ActuatorOPC(name="MV101_C", plc_num=1) P201 = ActuatorOPC(name="P201_C", plc_num=2) P202 = ActuatorOPC(name="P202_C", plc_num=2) P203 = ActuatorOPC(name="P203_C", plc_num=2) P204 = ActuatorOPC(name="P204_C", plc_num=2) P205 = ActuatorOPC(name="P205_C", plc_num=2) P206 = ActuatorOPC(name="P206_C", plc_num=2) MV201 = ActuatorOPC(name="MV201_C", plc_num=2) P301 = ActuatorOPC(name="P301_C", plc_num=3) P302 = ActuatorOPC(name="P302_C", plc_num=3) MV301 = ActuatorOPC(name="MV301_C", plc_num=3) MV302 = ActuatorOPC(name="MV302_C", plc_num=3) MV303 = ActuatorOPC(name="MV303_C", plc_num=3) MV304 = ActuatorOPC(name="MV304_C", plc_num=3) P401 = ActuatorOPC(name="P401_C", plc_num=4) P402 = ActuatorOPC(name="P402_C", plc_num=4) UV401 = ActuatorOPC(name="UV401_C", plc_num=4) # ? P403 = ActuatorOPC(name="P403_C",plc_num=4) P404 = ActuatorOPC(name="P404_C",plc_num=4) RODrain = ActuatorOPC(name="RODrain_C",plc_num=5) P501 = ActuatorOPC(name="p501Command_C",plc_num=5) P502 = ActuatorOPC(name="P502_C",plc_num=5) MV501 = ActuatorOPC(name="MV501_C",plc_num=5) MV502 = ActuatorOPC(name="MV502_C",plc_num=5) MV503 = ActuatorOPC(name="MV503_C",plc_num=5) MV504 = ActuatorOPC(name="MV504_C",plc_num=5) P601 = ActuatorOPC(name="P601_C",plc_num=6) P602 = ActuatorOPC(name="P602_C",plc_num=6) ``` ##