Programmable Logic Controllers (PLCs), the digital workhorses of industrial automation, were never originally designed with cybersecurity in mind — yet they now sit at the intersection of IT and OT, often exposed to risks from both worlds.
Cyberattacks on critical infrastructure are no longer hypothetical. From Stuxnet to ransomware targeting manufacturing plants, the need for professionals who understand both operational technology and cybersecurity is more urgent than ever. However, teaching these concepts in an engaging, hands-on way remains a challenge.

This thesis aims to design realistic, modular Red Team (attack) and Blue Team (defense) tasks on PLC systems, so that students can actively explore the vulnerabilities, defensive strategies, and real-world implications of cyber incidents — without crashing an actual factory.
In short: Why just lecture about ladder logic and firewalls when you can simulate an industrial siege and train future defenders on the front lines?

GOALS:

• Analyze suitable PLCs vulnerabilities, threat vectors, and typical attacker behavior for teaching purposes
• Design modular and realistic Red Team attack scenarios and corresponding Blue Team defense tasks
• Create repeatable and scalable teaching framework, allowing instructors to deploy the scenarios in labs or classrooms with minimal setup effort
• Evaluate developed scenarios with students or peers

HELPFUL PRIOR KNOWLEDGE:

• Interest in Cybersecurity and Ethical Hacking (Prior exposure to Red Team/Blue Team concepts or tools (e.g., Wireshark, Metasploit, or Snort) is helpful)
• Basic Understanding of PLCs and automation architectures
• Completion of IT/OT security seminar or willingness to work through it during the thesis