The STOP-IT project has released a number of research results, including tools, technologies, best practice guidelines, reports, materials, and an integrated STOP-IT platform with modular components. You will find most of our downloads here or by clicking on the boxes below.
Here are some of our Key Exploitable Results
Key Exploitable Results are results of the project that can be a) exploited or used in further research activities, b) used to develop, create and market a product or process, or c) used to create and provide a service or standardisation activity.
An Access Control System based on the use of Electronic Locks (Smart Locks) and a mobile App, directly connected to the SCADA systems.
Description of the solution | As a protection measure against physical threats, STOP-IT partners Mekorot and Aplicatzia developed Meklock, a smart lock system that is useful for any company that maintains and operates facilities with multiple buildings, entrances and cabinets with large quantities of expensive equipment, vulnerable to break-ins and sabotage. |
Challenges addressed | With the help of the system it is possible to track the entry of authorized users and to enable or disable remote privileges for opening and locking doors. It does not require the implementation of wired or wireless infrastructure and therefore reduces maintenance costs. It increases safety, is user friendly and flexible, offers navigation to facilities and works as a standalone system, among other things. |
Innovation | Meklock is an innovative access-control mobile app with a sophisticated management system that interacts with electronic locks. |
Download or further information | A YouTube video about the Meklock system. |
Contact | Saar Afuta (Aplicatzia): saar@aplicatzia.com |
The Cross Layer Security Information and Event Management (XL-SIEM) detects incidents, correlates events received from different monitoring probes and generates the corresponding alerts when incidents are detected.
Description of the solution | This tool receives cybersecurity events coming from different sources (e.g., Firewall, IDS, honeypot) to generate correlated alarms that indicate the risk level, and detailed information about the event (description, IP source and destination, Port source and destination, Protocols). The tool can generate tickets for further investigation. |
Challenges addressed | 1. Correlation of cyber and physical events originated in Water critical infrastructures. 2. Detection of attacks against water critical infrastructures in real time. |
Innovation | The main innovations of this technology are in the context of (i) scalability: events are processed in parallel across a cluster of nodes; (ii) resilience: fault tolerance and automatic reassignment of tasks; and (iii) expressiveness: the capacity to define rich correlation rules from different perspectives. |
Download or further information | – |
Contact | Gustavo Gonzalez (Atos): gustavo.gonzalez@atos.net Rodrigo Diaz (Atos): rodrigo.diaz@atos.net |

XL-SIEM High Level Architecture
The Public Warning System (PWNS) detects incidents and informs users and citizens by sending information and instructions to follow.
Description of the solution | The Public Warning Notification System (PWNS) has two main functionalities: detect and report incidents, and inform users and citizens. It is a key element in the solution developed by the project as it activates the first phase of the system that is triggering an alert that, in turn, will ultimately put in place the corresponding response plan. |
Challenges addressed | Water agencies, regulators, municipalities and environmental agencies can benefit from this Public Warning Notification System. The tool is also useful for any industrial operator who needs to monitor processes and can integrate data sources or deploy sensors to capture data variables. Such data can be processed to generate alerts when specific conditions, like threshold limits, absolute/relative variations or other rules upon request from the operator, are met. Response plans and lists of action to be taken when a specific situation is presented can be defined individually to enable the operator to implement the appropriate actions. |
Innovation | The PWNS processes data, alerts and detected incidents from external sources and reports them to the STOP-IT core platform. At this initial stage, in most cases, the incident has to be validated by a human operator. Once this is done, the anomaly is notified to the system that, by cross-checking with other incident-related data from different sources, can identify the risk situation. This assessment will be sent to the visualisation interface for water utilities. The visualisation interface starts a response plan with actions to be executed when specific situations arise. These actions are based on different parameters set by water operators and can include both corrective and mitigation measures. The system also sends the information and instructions to follow to the users and citizens using the most appropriate channels, i.e. email, SMS, mobile app notifications, etc. |
Download or further information | Find more about the Public Warning Notification System here. |
Contact | Ignasi Garcia-Milà (Worldsensing): igarciamila@worldsensing.com Maite Garcia (Worldsensing): mgarcia@worldsensing.com |
Network Traffic Sensors and Analysers (NTSA) to monitor network traffic and logs to accurately detect anomalies that might represent attacks to an infrastructure.
Description of the solution | The Network Traffic Sensors and Analysers (NTSA) use ML algorithms to build a model of the regular behaviour associated with a water critical infrastructure, based on NetFlow data. The model is used to detect abnormal network traffic behaviour in real time. |
Challenges addressed | 1. Real-time detection 2. Development of a model representing the regular behaviour of a water critical infrastructure |
Innovation | The main innovation of this technology covers the real-time detection of abnormal behaviour of the network traffic in a SCADA infrastructure. |
Download or further information | Publication: LADS: A Live Anomaly Detection System based on Machine Learning Methods |
Contact | Gustavo Gonzalez (Atos): gustavo.gonzalez@atos.net Rodrigo Diaz (Atos): rodrigo.diaz@atos.net |

NTSA Architecture
The Jamming Detection Sensor (JDet) detects anomalies on the physical layer and informs when there is an attack going on.
Description of the solution | The Jammer detector solution performs detection of physical disturbances of wireless communications to ensure that they are not compromised by Denial of Service (DoS). |
Challenges addressed | Real-time detection of jamming attacks in wireless communication to improve securitisation at physical level. |
Innovation | Supports the identification of jammer attacks which block wireless communications. Current wireless communication systems do not detect jamming attacks; they only register non-availability or interference in the communication channel. Our jammer detector supports the actual identification of jammer attacks and sends alerts that facilitate taking timely corrective action. |
Download or further information | – |
Contact | Ignasi Garcia-Milà (Worldsensing): igarciamila@worldsensing.com Maite Garcia (Worldsensing): mgarcia@worldsensing.com |

Network view for Jamming attack sensors

Example of an installed sensor (not fixed to a wall but using a tripod, which is another option)

Jammer detector capable of blocking signals at 2.4GHz band
The Reasoning Engine (REN) generates alerts and proposes countermeasure actions to mitigate the negative effects based on utility-defined rules.
Description of the solution | The reasoning engine generates real-time alerts and proposes mitigation actions. It allows the configuration of rules for processing detections (referring to cyber and physical level) and, using Complex Event Processing (CEP), generates high-level alerts. Subsequently, it enriches them with mitigation actions to be taken and extra information that assists the operators. The REN acts as a mediator between event sources and the system operator and is the means to filter, aggregate, correlate and upscale information in an endless stream of input data. |
Challenges addressed | With real-time alerting and proposed mitigations, the tool supports the decision-making process in water utilities. Based on the REN’s reactive and asynchronous reasoning principle, we detect patterns in an endless stream of input data, allowing the selection of important information. This assists the operator on duty, who can be less experienced/trained compared to traditional practice. Regarding mitigation of incidents, the tool, in compliance with the MITRE ATT&CK framework, adds the tactic and technique to its advice on how to mitigate the received events, to speed up investigations and response. The tool also supports batch processing, vital for post-evaluation and further enhancement of the processing results. |
Innovation | The tool innovates in allowing configurable processing per water utility that involves cyber and physical events as it integrates with the rest of the tools in the STOP-IT platform. |
Download or further information | You will find related information here. |
Contact | Theodora Karali (Risa): d.karali@risa.eu Stephanos Camarinopoulos (Risa): s.camarinopoulos@risa.eu |

Configuration of a processing rule

Fault tree editing
The Risk Reduction Measures Database (RRMD) is a collection of mitigation measures for the minimization of risks to the water critical infrastructure.
Description of the solution | The Risk Reduction Measures Database (RRMD) is a collection of mitigation measures that can serve to establish a strategy for the minimization of the effect of materialization of risks inside the water critical infrastructure. It is related to the identified risks of the Risk Identification Data Base (RIDB). |
Challenges addressed | – Development of the structure of the RRMD – Collection and categorization of possible risk reduction measures – Development of a method and an algorithm for automatically linking the identified risks to possible risk reduction measures. |
Innovation | Suitable risk reduction measures are automatically identified for a selected risk. |
Download or further information | Download the RRMD database here and the supporting PDF document here. |
Contact | Hans-Joachim Mälzer (IWW): a.maelzer@iww-online.de Aitor Corchero (Eurecat): aitor.corchero@eurecat.org |
The Fine-grain Cyber Access Control (FCAC) employs user specified policies to determine who can access which resources and for what purpose.
Description of the solution | Fine-grain Cyber Access Control (FCAC) employs user specified policies to determine who can access which resources and for what purpose. This tool evaluates authorization requests for users of the STOP-IT platform and provides rules to be implemented by cyber and/or physical security devices. |
Challenges addressed | 1. Correlation of cyber and physical access violations. 2. Real-time detection of access control violations in water critical infrastructures. |
Innovation | The main innovations of this technology are in the context of scalability, simplification of device/user management, multi-stakeholder support (able to deal concurrently with different access policies), and support of authorization delegation and rights revocation. |
Download or further information | – |
Contact | Gustavo Gonzalez (Atos): gustavo.gonzalez@atos.net Rodrigo Diaz (Atos): rodrigo.diaz@atos.net |

Fine-grained Cyber Access Control (FCAC) Architecture
The Human Presence Detector (HPD) detects human presence in a room/area, using WiFi commercial devices and channel state information (CSI).
Description of the solution | The Human Presence Detector using WiFi signals (HPD) is a movement detector which can detect the movement of a person in a delimited area just by using the signals generated by at least one commercial WiFi device. |
Challenges addressed | Development of a cheap system that does not intrude on privacy, works in the absence of light and goes through walls. |
Innovation | The use of WiFi signals generated by commercial WiFi devices to detect the movement of a person. |
Download or further information | Zenodo, YouTube and the toolbox for protection against physical threats. |
Contact | Juan Caubet (Eurecat): juan.caubet@eurecat.org Mario Reyes (Eurecat): mario.reyes@eurecat.org |

Human Presence Detector installed in a small office area
The Real-Time Anomaly Detector (RTAD) for cyber-physical infrastructures.
Description of the solution | Real time anomaly detection for cyber-physical infrastructures based on the use of machine learning algorithms. It provides an additional layer of security by detecting complex and combined potential threats and attacks. The tool is composed of three main components: a security Big Data platform, machine learning algorithms, and signature-based rules. |
Challenges addressed | The detection of unknown, complex, and combined threats and attacks in a critical water infrastructure. |
Innovation | The differentiation factor with other tools in the market that use machine learning algorithms to detect unknown anomalies (complex and combined threats and attacks) is the ability and flexibility to integrate different sources of information, both cyber and physical, which increases the efficiency and performance of the solution. |
Download or further information | STOP-IT tool explained on YouTube: The Real Time Anomaly Detector |
Contact | Juan Caubet (Eurecat): juan.caubet@eurecat.org Mario Reyes (Eurecat): mario.reyes@eurecat.org |

The Real Time Anomaly Detector
Fault Tree Editor (FTE)
Description of the solution | The solution assesses the risk exposure of a water utility with the creation and calculation of Fault Trees. A Fault Tree is a systematic and deductive method for defining a single undesirable event and determining all possible reasons that could cause that event to occur. It can be applied to analyse the combined effects of simultaneous failures on the undesired (top) event, to evaluate system reliability, to identify potential design defects and safety hazards, to simplify maintenance and trouble-shooting and finally it can also be used to evaluate potential corrective actions or the impact of design changes. |
Challenges addressed | The need of water utilities for tactical and strategic decisions and planning. In particular, the methodology provides all the tools needed to represent, quantify and understand the risks involved in the utility. Moreover, it provides a reliable basis for determining safety countermeasures, in order to predict, prevent or mitigate accidents. |
Innovation | The implemented methodology is quite flexible and can analyse the consequences caused by some units and special reasons resulting in accidents, such as human factors and environmental factors. A treatment of Common Cause failures, a subset of the general set of dependent events that contribute significantly to the safety of technical systems, is implemented in the method. |
Download or further information | The Reasoning Engine |
Contact | Stephanos Camarinopoulos (Risa): s.camarinopoulos@risa.eu |

Fault Tree Editor
The InfraRisk (CP) tool
Description of the solution | InfraRisk-CP is a standalone desktop application that assists in the identification and prioritization of cyber-physical (CP) threats against water systems, as part of the generic risk assessment. InfraRisk-CP is independent of any network modelling of systems (EPANET). Following the so-called Bow-Tie visualization of risk, it starts out with a scenario and the undesired main events/threats, which are cyber-physical attacks against assets. The analysis differentiates between these cyber-physical threats, the frequency of main events and possible consequences, and finally, the preventive or protecting barriers. Barriers appear as physical assets or societal critical functions (SCF) in this context. By providing a risk picture presented as different risk matrices, the tool supports decision makers on both tactical and operational levels in a user-friendly manner. |
Challenges addressed | Generic risk assessment of cyber-physical threats to water systems as described above. |
Innovation | InfraRisk-CP is currently being exploited internally by frontrunners. Market interest and potential for this tool are high. The tool could be commercially exploited within one year. |
Download or further information | The Risk Analysis and Evaluation Toolkit |
Contact | Eivind H. Okstad (Sintef): eivind.h.okstad@sintef.no Jørn Vatn (Sintef): jorn.vatn@ntnu.no |

Open window of InfraRisk-CP

Assessment with InfraRisk-CP
The STOP-IT platform.
Description of the solution | The STOP-IT platform is the combination of all STOP-IT solutions in an integral, scalable and modular solution. |
Challenges addressed | In combination, the STOP-IT solutions will help water utility operators identify and detect risks, and enhance their analysis capabilities as well as their preparedness and response. |
Innovation | The STOP-IT platform introduces a novel integrated approach for the security of water critical infrastructures that combines cyber and physical protection modules in an overarching solution. |
Download or further information | – |
Contact | Project coordinator Rita Ugarelli (Sintef): Rita.Ugarelli@sintef.no |

STOP-IT Modular components and Dataflow