Typical Staff Size
A compact team of operators, maintenance technicians, lab staff, electricians, supervisors, engineers, safety leads, and administrative personnel supports daily operations.
Training and demo landing page
A fictional municipal utility environment for practicing incident management, OT security monitoring, and coordinated emergency response in critical infrastructure.
SD-WTP represents a small city wastewater treatment plant responsible for protecting public health, reducing environmental impact, and keeping local water infrastructure reliable.
The plant collects and treats wastewater, manages biosolids, monitors discharge quality, and maintains critical equipment that communities rarely see but always depend on.
Industrial control systems, plant historians, workstations, remote access, business email, and collaboration tools all shape the cyber-physical risk picture.
This exercise is based on sludge dewatering, a normal wastewater process that reduces the water content of sludge before hauling, disposal, or beneficial reuse. The process depends on predictable flow, polymer dosing, torque, speed, and equipment health.
A centrifuge is central to the scenario. It spins sludge at high speed so heavier solids separate from liquid. If speed, feed rate, vibration, or control logic is manipulated, the effect can move quickly from process instability to equipment damage, safety concerns, and operational disruption.
Sludge enters the dewatering area from upstream treatment processes.
Polymer is added to help solids bind together and separate more efficiently.
High-speed rotation separates cake solids from centrate liquid.
Operators monitor quality, equipment state, alarms, and downstream impacts.
The training concept is inspired by the Stuxnet attack, where malicious code targeted industrial control logic and manipulated centrifuge behavior while masking abnormal activity. This exercise adapts that lesson to a fictional wastewater environment: process changes may look like mechanical trouble at first, but the root cause could involve removable media, phishing, credential theft, or OT network compromise.
By 2026, SD-WTP has deployed passive OT sensors from Clarion OT. The sensors observe traffic without controlling the process, helping teams detect unusual communications, asset behavior, protocol activity, and possible indicators of compromise.
Clarion OT sensors passively monitor industrial network traffic. They can help inventory OT assets, baseline normal behavior, highlight new or unexpected communications, detect suspicious protocol usage, and provide evidence for incident responders without sending control commands to plant equipment.
Level 2.5 gives visibility close to SCADA and control communications. Level 3.5 gives visibility into the OT DMZ, where remote access, file movement, patch staging, and cross-boundary services often become important during an investigation.
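The baseline-and-compare approach to passive monitoring described above, as an added example that is not part of the original page and is not Clarion OT's implementation. The host names, protocols, and flow records are constructed for illustration; the sensor labels follow the Level 2.5 and Level 3.5 placements mentioned above.

```python
from collections import namedtuple

# Constructed flow records: sensor placement, source, destination, protocol, operation.
Flow = namedtuple("Flow", "sensor src dst proto op")

# Constructed learning-window traffic, treated as known-good.
BASELINE = [
    Flow("L2.5", "hmi-01", "plc-centrifuge", "modbus", "read"),
    Flow("L2.5", "eng-ws-01", "plc-centrifuge", "modbus", "write"),
    Flow("L2.5", "plc-centrifuge", "historian", "modbus", "read"),
    Flow("L3.5", "jump-host", "eng-ws-01", "rdp", "session"),
    Flow("L3.5", "patch-stage", "eng-ws-01", "smb", "file"),
]

# Constructed traffic observed later, during the exercise.
OBSERVED = [
    Flow("L2.5", "hmi-01", "plc-centrifuge", "modbus", "read"),
    Flow("L2.5", "hmi-01", "plc-centrifuge", "modbus", "write"),
    Flow("L2.5", "lab-ws-03", "plc-centrifuge", "modbus", "write"),
    Flow("L3.5", "jump-host", "historian", "smb", "file"),
]

def build_baseline(flows):
    """Return the asset inventory plus the known conversations and operations."""
    assets = {f.src for f in flows} | {f.dst for f in flows}
    pairs = {(f.sensor, f.src, f.dst, f.proto) for f in flows}
    ops = {(f.sensor, f.src, f.dst, f.proto, f.op) for f in flows}
    return assets, pairs, ops

def compare(flows, baseline):
    """Classify observed flows against the baseline; produces findings only, no control actions."""
    assets, pairs, ops = baseline
    findings = []
    for f in flows:
        if f.src not in assets or f.dst not in assets:
            findings.append(("new-asset", f))          # host never inventoried
        elif (f.sensor, f.src, f.dst, f.proto) not in pairs:
            findings.append(("new-conversation", f))   # known hosts, new path or protocol
        elif tuple(f) not in ops:
            findings.append(("new-operation", f))      # known path, unexpected protocol usage
    return findings

def run():
    return compare(OBSERVED, build_baseline(BASELINE))

if __name__ == "__main__":
    for kind, flow in run():
        print(f"{kind:17} {flow.sensor} {flow.src} -> {flow.dst} {flow.proto}/{flow.op}")
```

The three finding types map to the evidence a responder would want first: an uninventoried host writing to the centrifuge controller, an HMI that previously only read now writing, and a new file transfer path seen at the OT DMZ.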
SD-WTP has a young Emergency Response Group with early processes already in place. During an incident, they use a structure inspired by the Incident Command System (ICS) to coordinate leadership, operations, planning, logistics, finance, safety, and public information.
Each scenario gives participants a different entry path into the same operational problem: how to identify, coordinate, and respond when cyber activity threatens wastewater operations.
A removable USB device is introduced, similar in spirit to the Stuxnet pathway. Participants investigate whether the event is isolated, whether OT assets show abnormal behavior, and how the centrifuge process is affected.
A staff member opens an HR gift award attachment. The exercise follows the shift from business email compromise to ransomware response, unified command, service continuity, and OT impact assessment.
A phishing attack harvests OT credentials tied to Clarion OT access. Participants trace the credential misuse, review passive monitoring clues, and respond when centrifuge behavior starts to resemble the Stuxnet-inspired process manipulation.
Use these links during facilitation, participant briefings, and unified command discussion.
Interactive process view for the fictional SD-WTP centrifuge and dewatering scenario.
https://iotpivot.com/demo/wtp/
Reference demo for understanding how centrifuge manipulation inspired this exercise.
https://iotpivot.com/demo/stuxnet/
Conference space SD-WTP uses for unified command meetings during an incident response.
https://iotpivot.com/demo/msteams/
Credential-harvesting scenario that can lead into OT investigation and centrifuge impact.
https://iotpivot.com/demo/phishing1/
This training platform is for incident management in critical infrastructure and OT environments. It is designed for safe discussion, tabletop-style learning, and demo-based exploration of how organizations coordinate during cyber-physical incidents.