Proj S07 – CyberXercise

Simulating Threats. Building Resilience.

CyberXercise is a lightweight, on-premises cyber exercise platform that enables OT engineers to investigate and respond to realistic cyber-physical attack scenarios in a safe, structured environment. Built for power generation systems, it combines OT simulation, AR-based impact visualisation, and LLM-assisted scoring — all deployable under $4,000 in hardware.

Introducing Proj S07 – CyberXercise

Cyber Jungle is a scalable cyber training platform designed to simulate realistic enterprise IT and OT environments. As critical infrastructure becomes increasingly interconnected, the platform provides engineers and operators with hands-on, infrastructure-specific training in a safe and controlled setting. By replicating segmented enterprise networks and operational systems, Cyber Jungle delivers a practical solution with low ongoing operational costs to strengthen cyber resilience and preparedness.

Team members

Manimoliyan Elankumuthan (ISTD), Brandon Ng Joon Hoe (ISTD), Ooi Zher Xian (ASD), Augustine Lim King Hwee (ISTD), Chan Wei Ping (ISTD), Teo You Xiang (ISTD), Teo Xu Kai (ISTD)

Instructors:

  • Perry Wee Hian Lam

Writing Instructors:

  • Belinda Seet

Project Roadmap

Empathize

The Growing Threat
As IT and OT networks converge, critical infrastructure such as power grids and water treatment plants faces an escalating risk of cyber-physical attacks.

The Training Gap
Through research and stakeholder interviews with CyberXCenter, we found that OT engineers rely on theory-based tabletop exercises that lack real-world realism. Training on live equipment is impractical — it risks downtime, equipment damage, and safety hazards.

Attacks With Real Consequences
Incidents like Stuxnet, the Ukraine power grid attacks, and the Oldsmar water treatment breach prove that cyber threats can cause physical destruction and disrupt essential services. Yet most OT professionals never experience how these attacks actually unfold.

What’s Needed
A training environment that is hands-on, safe, realistic, and accessible — without the cost of enterprise-grade cyber ranges.

Define

The Problem
Working with CyberXCenter, we identified a core gap: OT teams lack a safe, hands-on environment to practise responding to cyber-physical incidents. We scoped the project to power generation systems, aligning with CyberXCenter’s energy sector client base.

What Stakeholders Needed

  • CyberXCenter — lightweight, repeatable platform

  • Instructors — oversight and facilitation tools

  • Participants — structured environment to investigate attacks safely

What We Built
A competitive analysis of SimSpace, Cloud Range, CybExer, and iTrust showed no existing solution combined OT focus, lightweight deployment, physical impact visualisation, and automated scoring. Through seven design iterations, we refined this into a focused, instructor-managed OT exercise platform built on iTrust’s digital twin.

Solution

What Is CyberXercise?
A lightweight, on-premises OT cyber exercise platform where participants investigate and respond to realistic cyber-physical attack scenarios — safely and in a structured environment.

How It’s Built
Runs on a single Minisforum MS-01 server under $4,000, using Proxmox virtualisation with VLAN-segmented networks that mirror real IT/OT architecture.

Key Features

  • Automated attack chains — two scenarios automatically orchestrated, progressing from IT compromise to ICS manipulation

  • Augmented reality — Unity-built AR app on XReal Air 2 Ultra glasses visualises physical consequences on a live 3D power plant model

  • AI guidance — LLM-powered chatbot provides contextual hints during exercises

  • Automated grading — two-stage pipeline evaluates submissions against structured rubrics, with mandatory instructor review

System Architecture and Infrastructure

CyberXercise runs on a single Minisforum MS-01 with Proxmox as the hypervisor and pfSense managing firewall and routing across eight VLAN-segmented network zones — covering workstations, DMZ, OT/IED digital twin, and PLC networks.

  • Backend — FastAPI + PostgreSQL, handling sessions, WebSockets, automated attack orchestration, and LLM grading

  • Frontend — React 19 (TypeScript, Vite, Tailwind CSS) with separate instructor and participant views

  • Monitoring — Sysmon for endpoint telemetry, ELK for log analysis, Arkime for packet capture

  • AR Module — Unity with XReal SDK and WebSocket-driven real-time visualisation

Key Features and Capabilities

  • Automated attack scenarios — four multi-stage chains from IT compromise to OT manipulation, no manual intervention needed

  • Augmented reality — overlays vibration, lighting, and smoke onto a 3D power plant model in real time

  • AI chat assistant — contextual guidance with dynamically activated attack backgrounds

  • Automated grading — event attribution and rubric-based scoring with mandatory instructor review

  • Instructor controls — session management, live monitoring, and team progress tracking

  • Accessible deployment — single on-premises server, built for organisations that can’t afford enterprise cyber ranges

How It Works

CyberXercise integrates three technology layers — each addressing a specific gap in existing OT training solutions.

OT Simulation
Built on iTrust’s digital twin of a power generation system, the OT simulation provides a realistic industrial control environment with PLCs, IEDs, and standard OT protocols. Four fully automated attack chains execute end-to-end without manual input — adapting to agent availability and passing credentials between phases. The network mirrors the Purdue Model with VLAN segmentation, letting participants trace realistic lateral movement across IT and OT zones.

AR Visualisation
Participants can read SCADA values and logs — but miss the physical anomalies visible in a real plant. The AR module, deployed on XReal Air 2 Ultra glasses, overlays real-time effects like vibration, lighting changes, and smoke onto a 3D combined cycle gas turbine model. Each effect is triggered per component via WebSocket, with intensity scaling to condition severity. The 3D model was built through a pipeline spanning Blender, Rhino 8, Unreal Engine, and Unity, using hybrid marker tracking and plane detection for stable placement.

LLM-Assisted Intelligence
Two LLM roles operate through a provider-agnostic layer supporting Ollama and OpenAI. The participant chatbot offers context-aware guidance on the environment, topology, and tools — with attack-specific hints injected dynamically based on exercise state, but strict guardrails prevent it from revealing solutions or system prompts. The grading pipeline runs in two stages: attributing each incident report to a specific attack event, then scoring it against a rubric covering activity identification, asset attribution, and technical evidence.

Exercise Workflow and Attack Progression

The instructor creates a session, configures attack scenarios, and shares a team code. Participants join via the web interface — no account registration needed — and signal readiness from the lobby.

Once the session starts, automated attack chains execute across the IT and OT layers. Participants investigate using SCADA dashboards, ELK logs, and Arkime packet captures, while AR glasses display physical effects on the power plant model in real time.

Participants submit incident reports through the dashboard, graded automatically for event attribution and rubric-based scoring. Instructors monitor progress live, send hints, and validate all scores before finalisation — with only the highest score per attack event counting toward the team total.
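The scoring rule described above, written out as an added Python example (not the project's own code): grader output is treated as untrusted and range-checked, only instructor-validated reports count, and the best score per attack event is summed per team. The `GradedReport` record, the 0-5 scale per criterion, and the team and event names are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Criteria are the three named on the page; the 0-5 scale is an assumption.
CRITERIA = ("activity_identification", "asset_attribution", "technical_evidence")
MAX_POINTS = 5

@dataclass
class GradedReport:               # hypothetical record, not the project's schema
    team: str
    attack_event: str | None      # stage 1: attributed event, None if no match
    rubric: dict                  # stage 2: LLM-proposed points per criterion
    validated: bool = False       # set only by the instructor review step
    override: dict | None = None  # instructor-corrected points, if any

def report_score(r: GradedReport) -> int:
    """Sum rubric points, rejecting malformed or out-of-range grader output."""
    points = r.override if r.override is not None else r.rubric
    if set(points) != set(CRITERIA):
        raise ValueError(f"unexpected rubric keys: {sorted(points)}")
    for name, value in points.items():
        if type(value) is not int or not 0 <= value <= MAX_POINTS:
            raise ValueError(f"{name}={value!r} outside 0..{MAX_POINTS}")
    return sum(points.values())

def team_totals(reports: list[GradedReport]) -> dict[str, int]:
    """Count only validated, attributed reports; keep the best per attack event."""
    best: dict[tuple[str, str], int] = {}
    for r in reports:
        if not r.validated or r.attack_event is None:
            continue
        key = (r.team, r.attack_event)
        best[key] = max(best.get(key, 0), report_score(r))
    totals: dict[str, int] = {}
    for (team, _event), score in best.items():
        totals[team] = totals.get(team, 0) + score
    return totals

def rubric(a: int, b: int, c: int) -> dict:
    return dict(zip(CRITERIA, (a, b, c)))

SAMPLE = [  # constructed data
    GradedReport("alpha", "evt-1", rubric(4, 3, 2), validated=True),
    GradedReport("alpha", "evt-1", rubric(5, 4, 4), validated=True),
    GradedReport("alpha", "evt-2", rubric(5, 5, 5)),                # not reviewed
    GradedReport("alpha", "evt-2", rubric(3, 3, 3), True, rubric(2, 2, 1)),
    GradedReport("bravo", None, rubric(5, 5, 5), validated=True),   # unattributed
    GradedReport("bravo", "evt-1", rubric(1, 2, 3), validated=True),
]
```
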

Design Evolution and Validation

CyberXercise evolved through seven major design iterations, shaped by feedback from SUTD faculty and CyberXCenter mentors. Key shifts included moving from VR to AR — so participants could use SCADA dashboards and investigation tools simultaneously — and from guided responses to open-ended, challenge-based investigation.

LLM-assisted grading and a contextual chatbot were added to support scalable assessment and real-time guidance, reducing the burden on instructors without sacrificing evaluation quality.

User acceptance testing validated usability across both instructor and participant workflows, with all scenarios completed successfully. Stress testing confirmed stable operations under load, and AR testing demonstrated 60fps performance with reliable tracking under normal conditions.


Acknowledgements

The CyberXercise team would like to express our sincere gratitude to all individuals and organisations whose support made this project possible.

We are deeply thankful to our faculty advisors — Dr Perry Wee Hian Lam, Dr Sumbul Khan, and Dr Franklin Anariba — for their guidance in steering the project from planning through to completion.

We also extend our appreciation to the team at CyberXCenter — Mr Matthias Yeo (CEO), Mr Wei Ping Lee, Mr Jonathan Choo, Mr Marcus Lim, and Mr Keng Hiang — whose insights into operational technology cybersecurity training shaped many of our design decisions.

Special thanks go to iTrust, particularly Dr Jit Biswas and Dr Daisuke Mashima for their expertise in OT/IT cybersecurity, and Ms Rajavelu Sree Devi for her guidance on power generation systems.

Finally, we thank our teammates for their dedication and collaboration throughout this journey.
