Simulate. Attack. Defend. Without Risk.
The most comprehensive OT/ICS cyber training capability in any Indian cyber range. 10 industrial protocols, 3 digital twin process models, hardware-in-loop integration.
10 Industrial Protocols
Real protocol stacks, not packet replays. Attack, defend, and monitor live OT traffic in every exercise.
Modbus TCP/RTU
Register read/write, function code manipulation, device enumeration.
DNP3
Outstation polling, unsolicited responses, cold restart attacks.
OPC UA
Secure channel auth, node browsing, data change subscriptions.
IEC 61850
GOOSE messaging, MMS, substation automation protocol.
BACnet/IP
Building automation — HVAC control, occupancy, fire alarm.
MQTT
Pub/sub IoT messaging, topic hijacking, broker exploitation.
S7comm
Siemens S7 PLC communication, block transfer, memory read.
EtherNet/IP
CIP-based industrial Ethernet, implicit/explicit messaging.
IEC 60870-5-104
Telecontrol for power systems, interrogation, double commands.
Custom Protocols
Proprietary SCADA protocols for domain-specific training scenarios.
3 Digital Twin Process Models
Full-fidelity process simulations with sensors, actuators, HMI dashboards, and historian databases.
Water Treatment Facility
Full water purification process with intake pumps, chemical dosing, filtration, chlorination, and distribution.
- Flow sensors, pressure transducers, pH meters, turbidity monitors
- PLC-controlled pumps, valves, and chemical injection systems
- HMI dashboard with real-time process visualization
- Historian database with trend analysis and alarm management
Power Grid Substation
IEC 61850-compliant substation with protection relays, circuit breakers, and SCADA integration.
- Intelligent Electronic Devices (IEDs) with GOOSE messaging
- Circuit breakers, transformers, and bus configurations
- Protection relay logic with trip/close operations
- Substation HMI with single-line diagram visualization
Manufacturing Assembly Line
Multi-station assembly process with robotic arms, conveyor belts, and quality control sensors.
- PLC-controlled robotic arms with precise positioning
- Conveyor speed control, station interlocks, safety gates
- Vision system quality inspection with reject sorting
- Production counters, OEE metrics, and shift reporting
Protocol Gateway
10 protocol translation pairs enable realistic cross-protocol scenarios. Attack a Modbus device through an OPC UA gateway, or pivot from MQTT to S7comm.
The gateway introduces real-world complexity: protocol translation latency, semantic mismatches, and authentication boundary gaps that create exploitable attack surfaces.
ICS/OT Combat Modules
Domain-specific scenarios covering critical national infrastructure verticals.
Power Grid Substations
Attack and defend IEC 61850 substations, protection relays, and SCADA masters. Realistic load-shedding scenarios.
Rail Signalling
Train control systems, interlocking logic, and communication-based train control (CBTC) attack scenarios.
Fuel Pipeline
Pipeline SCADA with pressure monitoring, valve control, leak detection, and emergency shutdown procedures.
Airfield OT
Airfield lighting, ILS, fuel systems, and baggage handling — critical aviation ground infrastructure.
Radar Control
Radar data feed manipulation, spoofing, jamming simulation, and sensor fusion attack vectors.
Compliance Framework Alignment
Every OT exercise maps to IEC 62443 and NERC CIP control requirements for audit-ready training evidence.
IEC 62443
- Zone & Conduit Model
- Security Level Targets (SL-T)
- Component & System Requirements
- Risk Assessment Methodology
NERC CIP
- CIP-002: BES Asset Identification
- CIP-005: Electronic Security Perimeters
- CIP-007: Systems Security Management
- CIP-010: Configuration Change Management
Deploy Your OT/ICS Range
See how Critical Range deploys a complete OT/ICS training environment with digital twins, protocol gateways, and 10 industrial protocols.