STOP-IT
  • About
    • Work Packages
    • Community of Practice and Networks
    • Frontrunners and Followers
    • Meet the Team
    • Terms and Acronyms
  • Results & Downloads
    • Tools and Technologies
    • Transfer and Training Activities
    • Communities of Practice
    • Dissemination Material
  • Contact us
  • Suche
  • Menü Menü
STOP-IT Kick-Off-Meeting 2017 in OsloSTOP-IT Kick-Off-Meeting 2017 in Oslo
Children jumping in the water
Cyber Security Button
Man pressing security button

Results and Downloads

The STOP-IT project has released a number of research results, including tools, technologies, best practice guidelines, reports, materials, and an integrated STOP-IT platform with modular components. You find most of our downloads here or when you click on the boxes below.

Tools and Technologies

Transfer and Training Activities

Community of Practice

Dissemination Material

Here are some of our Key Exploitable Results

Key Exploitable Results are results of the project that can be a) exploited or used in further research activities, b) used to develop, create and market a product or process, or c) used to create and provide a service or standardisation activity.

An Access Control System based on the use of Electronic Locks (Smart Locks) and a mobile App, directly connected to the SCADA systems.

Description of the solutionAs a protection measure against physical threats, STOP-IT partners Mekorot and Aplicatzia developed Meklock, a smart lock system that is useful for any company that maintains and operates facilities with multiple buildings, entrances and cabinets with large quantities of expensive equipment, vulnerable to break-ins and sabotage.
Challenges addressedWith the help of the system it is possible to track entry of authorized users or enable or disable remote privileges for opening and locking doors. It does not require the implementation of wired or wireless infrastructure and therefore reduces maintenance costs. It increases the safety, is user friendly and flexible, offers navigation to facilities and works with a standalone system, among other things.
InnovationMeklock is an innovative access-control mobile app with a sophisticated management system that interacts with electronic locks.
Download or further informationA Youtube video about the Meklock system.
ContactSaar Afuta (Aplicatzia): saar@aplicatzia.com

The Cross Layer Security Information and Event Management (XL-SIEM) detects incidents, correlates events received from different monitoring probes and generates the corresponding alerts when incidents are detected.

Description of the solutionThis tool receives cybersecurity events coming from different sources (e.g., Firewall, IDS, honeypot) to generate correlated alarms that indicate the risk level, and detailed information about the event (description, IP source and destination, Port source and destination, Protocols). The tool can generate tickets for further investigation.
Challenges addressed1. Correlation of cyber and physical events originated in Water critical infrastructures.

2. Detection of attacks against water critical infrastructures in real time.

InnovationMain innovations of this technology are in the context of (i) scalability, events processed in parallel across a cluster of nodes; (ii) resilience, fault-tolerant and automatic reassignment of task; and (iii) expressiveness, capacity to define rich correlation rules from different perspectives.
Download or further information–
ContactGustavo Gonzalez (Atos): gustavo.gonzalez@atos.net
Rodrigo Diaz (Atos): rodrigo.diaz@atos.net
XL-SIEM High Level Architecture

XL-SIEM High Level Architecture

The Public Warning System (PWNS) detects incidents and informs users and citizens by sending information and instructions to follow.

Description of the solutionThe Public Warning Notification System (PWNS) has two main functionalities: detect and report incidents, and inform users and citizens. It is a key element in the solution developed by the project as it activates the first phase of the system that is triggering an alert that, in turn, will ultimately put in place the corresponding response plan.
Challenges addressedWater agencies, regulators, municipalities and environmental agencies can benefit from this Public Warning Notification System. The tool is also useful for any industrial operator who needs to monitor processes and can integrate data sources or deploy sensors to capture data variables. Such data can be processed to generate alerts when specific conditions, like threshold limits, absolute/relative variations or other rules upon request from the operator, are met. Response plans and lists of action to be taken when a specific situation is presented can be defined individually to enable the operator to implement the appropriate actions.
InnovationThe PWNS processes data, alerts and detected incidents from external sources and reports them to the STOP-IT core platform. At this initial stage, in most cases, the incident has to be validated by a human operator. Once this is done, the anomaly is notified to the system that, by cross-checking with other incident-related data from different sources, can identify the risk situation. This assessment will be sent to the visualisation interface for water utilities.

The visualisation interface starts a response plan with actions to be executed when specific situations arise. These actions are based on different parameters set by water operators and can include both corrective and mitigation measures. The system also sends the information and instructions to follow to the users and citizens using the most appropriate channels, i.e. email, SMS, mobile app notifications, etc.

Download or further informationFind more about the Public Warning Notification System here.
ContactIgnasi Garcia-Milà (Worldsensing): igarciamila@worldsensing.com
Maite Garcia (Worldsensing): mgarcia@worldsensing.com

Network Traffic Sensors and Analysers (NTSA) to monitor network traffic and logs to accurately detect anomalies that might represent attacks to an infrastructure.

Description of the solutionThe Network Traffic Sensors and Analysers (NTSA) uses ML algorithms to build a model of the regular behaviour associated to a water critical infrastructure, based on NetFlow data. The model is used to detect abnormal network traffic behaviour in real time.
Challenges addressed1. Real-time detection

2. Development of a model representing the regular behaviour of a water critical infrastructure

InnovationThe main innovation of this technology covers the real-time detection of abnormal behaviour of the network traffic in a SCADA infrastructure.
Download or further informationPublication: LADS: A Live Anomaly Detection System based on Machine LearningMethods
ContactGustavo Gonzalez (Atos): gustavo.gonzalez@atos.net
Rodrigo Diaz (Atos): rodrigo.diaz@atos.net
NTSA Architecture

NTSA Architecture

The Jamming Detection Sensor (JDet) detects anomalies on the physical layer and informs when there is an attack going on.

Description of the solutionThe Jammer detector solution performs detection of physical disturbances of wireless communications to ensure that they are not compromised by Denial of Service (DoS).
Challenges addressedReal-time detection of jamming attacks in wireless communication to improve securitisation at physical level.
InnovationSupports the identification of jammer attacks which block wireless communications. Wireless communication systems do not detect this kind of attack and only identify as non-availability or interference in the communication channel.

Current wireless communication systems do not detect jamming attacks, only identifying non-availability or interference in the communication channel. Our jammer detector supports the actual identification of jammer attacks and sends alerts that facilitate taking timely corrective action.

Download or further information–
ContactIgnasi Garcia-Milà (Worldsensing): igarciamila@worldsensing.com
Maite Garcia (Worldsensing): mgarcia@worldsensing.com

Network view for Jamming attack sensors

Network view for Jamming attack sensors


Example of an installed sensor (not fixed to a wall but using a tripod, which is another option)

Example of an installed sensor (not fixed to a wall but using a tripod, which is another option)

Jammer detector capable of blocking signals at 2.4GHz band

Jammer detector capable of blocking signals at 2.4GHz band

The Reasoning Engine (REN) generates alerts and proposes countermeasure actions to mitigate the negative effects based on utility-defined rules.

Description of the solutionThe reasoning engine generates real-time alerts and proposes mitigation actions. It allows the configuration of rules for processing detections (referring to cyber and physical level) and using Complex Event Processing (CEP), it generates high-level alerts. Subsequently, it enriches them with mitigation actions to be taken and extra information that facilitates the operators. The REN acts as a mediator between event sources and the system operator and is the means to filter, aggregate, correlate and upscale information in an endless stream of input data.
Challenges addressedWith real-time alerting and mitigation proposition, the tool supports the decision-making process in water utilities. Based on the REN’s reactive and asynchronous reasoning principle, we detect patterns in an endless stream of input data, allowing the selection of important information. The operator on duty is facilitated and can be less experienced/trained compared to traditional practice.  Regarding mitigation of incidents, the tool, in compliance with the MITRE ATT&CK framework, includes tactic and technique to the advice on how to mitigate the received events to speed investigations and response. The tool also supports batch-processing, vital for post-evaluation and further enhancement of the processing results.
InnovationThe tool innovates in allowing configurable processing per water utility that involves cyber and physical events as it integrates with the rest of the tools in the STOP-IT platform.
Download or further informationYou will find related information here.
ContactTheodora Karali (Risa): d.karali@risa.eu
Stephanos Camarinopoulos (Risa): s.camarinopoulos@risa.eu
Configuration of a processing rule

Configuration of a processing rule

Fault tree editing

Fault tree editing

The Risk Reduction Measures Database (RRMD) is a collection of mitigation measures for the minimization of risks to the water critical infrastructure.

Description of the solutionThe Risk Reduction Measures Database (RRMD) is a collection of mitigation measures that can serve to establish a strategy for the minimization of the effect of materialization of risks inside the water critical infrastructure. It is related to the identified risks of the Risk Identification Data Base (RIDB).
Challenges addressed– Development of the structure of the RRMD

– Collection and categorization of possible risk reduction measures

– Development of a methode and an algorithm for the automatic link between the identified risks and possible risk reduction measures.

InnovationSuitable risk reduction measures are automatically identified for a selected risk.
Download or further informationDownload the RRMD database here and the supporting PDF document here.
ContactHans-Joachim Mälzer (IWW): a.maelzer@iww-online.de
Aitor Corchero (Eurecat): aitor.corchero@eurecat.org

The Fine-grain Cyber Access Control (FCAC) employs user specified policies to determine who can access which resources and for what purpose.

Description of the solutionFine-grain Cyber Access Control (FCAC) employs user specified policies to determine who can access which resources and for what purpose. This tool evaluates authorization request for users of the STOP-IT platform and provides rules to be implemented by cyber and/or physical security devices.
Challenges addressed1. Correlation of Cyber and Physical access violations.

2. Real time detection of access control violations in a water critical infrastructures.

InnovationMain innovations of this technology are in the context of scalability, simplification of the device/user management, multi-stakeholder (able to deal concurrently with different access policies), support of authorization delegation and rights revocation.
Download or further information–
ContactGustavo Gonzalez (Atos): gustavo.gonzalez@atos.net
Rodrigo Diaz (Atos): rodrigo.diaz@atos.net
Fine-grained Cyber Access Control (FCAC) Architecture

Fine-grained Cyber Access Control (FCAC) Architecture

The Human Presence Detector (HPD) detects human presence in a room/area, using WiFi commercial devices and channel state information (CSI).

Description of the solutionThe Human Presence Detector using WiFi signals (HPD) is a movement detector which can detect the movement of a person in a delimited area just by using the signals generated by at least one commercial WiFi device.
Challenges addressedDevelopment of a cheap system, not intrusive with privacy, that works in the absence of light and goes through walls.
InnovationThe use of WiFi signals generated by commercial WiFi devices to detect the movement of a person.
Download or further informationZenodo, Youtube and the toolbox for protection against physical threats.
ContactJuan Caubet (Eurecat): juan.caubet@eurecat.org
Mario Reyes (Eurecat): (mario.reyes@eurecat.org
Human Presence Detector installed in a small office area

Human Presence Detector installed in a small office area

The Real-Time Anomaly Detector (RTAD) for cyber-physical infrastructures.

Description of the solutionReal time anomaly detection for cyber-physical infrastructures based on the use of machine learning algorithms. It provides an additional layer of security by detecting complex and combined potential threats and attacks. The tool is composed of three main components: a security Big Data platform, machine learning algorithms, and signature-based rules.
Challenges addressedThe detection of unknown, complex, and combined threats and attacks in a critical water infrastructure.
InnovationThe differentiation factor with other tools in the market that use machine learning algorithms to detect unknown anomalies (complex and combined threats and attacks) is the ability and flexibility to integrate different sources of information, both cyber and physical, which increases the efficiency and performance of the solution.
Download or further informationSTOP-IT tool explained on Youtube: The Real Time Anomaly Detector
ContactJuan Caubet (Eurecat): juan.caubet@eurecat.org
Mario Reyes (Eurecat): mario.reyes@eurecat.org
The Real Time Anomaly Detector

The Real Time Anomaly Detector

Fault Tree Editor (FTE)

Description of the solutionThe solution assesses the risk exposure of a water utility with the creation and calculation of Fault Trees. A Fault Tree is a systematic and deductive method for defining a single undesirable event and determining all possible reasons that could cause that event to occur. It can be applied to analyse the combined effects of simultaneous failures on the undesired (top) event, to evaluate system reliability, to identify potential design defects and safety hazards, to simplify maintenance and trouble-shooting and finally it can also be used to evaluate potential corrective actions or the impact of design changes.
Challenges addressedThe need of water utilities for tactical and strategic decisions and planning. In particular, the methodology provides all the tools needed to represent, quantify and understand the risks involved in the utility. Moreover, it provides a reliable basis for determining safety countermeasures, in order to predict, prevent or mitigate accidents.
InnovationThe implemented methodology is quite flexibility and can analyse the consequences caused by some units and special reasons resulting in accidents, such as human factors and environmental factors. A treatment of Common Cause failures, a subset of the general set of dependent events, having a  significant contribution on the safety of technical systems are implemented in the method.
Download or further informationThe Reasoning Engine
ContactStephanos Camarinopoulos (Risa): s.camarinopoulos@risa.eu
Fault Tree Editor

Fault Tree Editor

The InfraRisk (CP) tool

Description of the solutionInfraRisk-CP is a standalone desktop application devoted to assists in identification and prioritization of cyber-physical threats (CP) attacking the water systems, as part of the generic risk assessment. InfraRisk-CP is independent of any network modelling of systems (EPANET). Having in mind the so-called Bow-Tie visualization of risk, it starts out with a scenario and the undesired main events/threats, which are cyber-physical attacks against assets. The analysis differentiates between these cyber-physical threats, the frequency of main events and possible consequences, and finally, the preventive or protecting barriers. Barriers appear as physical assets or societal critical functions (SCF) in this context. By providing a risk picture presented as different risk matrices, the tool supports decision makers on both tactical and operational levels in a user-friendly manner.
Challenges addressedGeneric risk assessment of cyber-physical threats to water systems as described above.
InnovationInfraRisk-CP is currently being exploited internally by frontrunners. Market interest and potential for this tool are high. The tool could be commercially exploited within one year.
Download or further informationThe Risk Analysis and Evaluation Toolkit
ContactEivind H. Okstad (Sintef): eivind.h.okstad@sintef.no
Jørn Vatn (Sintef): jorn.vatn@ntnu.no
Open window of InfraRisk-CP

Open window of InfraRisk-CP

Assessment with InfraRisk-CP

The STOP-IT platform.

Description of the solutionThe STOP-IT platform is the combination of all STOP-IT solutions in an integral, scalable and modular solution.
Challenges addressedSTOP-IT solutions through their combination will help water utilities operators identify and detect risks, enhance their analysis capabilities as well as their preparedness and response.
InnovationThe STOP-IT platform introduces a novel integrated approach for the security of water critical infrastructures that combines cyber and physical protection modules in an overarching solution.
Download or further information–
ContactProject coordinator Rita Ugarelli (Sintef): Rita.Ugarelli@sintef.no
STOP-IT Modular components and Dataflow

STOP-IT Modular components and Dataflow

Get involved in STOP-IT

To receive project news and our newsletter, please subscribe here. By subscribing, you allow us to contact you by email and accept our privacy policy.

Community of Practice


Please send an email to stopit-cop@iww-online.de to join our Communities of Practice (COP).

Social media

Twitter feed

Tweets by STOPIT_Project

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 740610. The publication reflects only the authors’ views and the European Union is not liable for any use that may be made of the information contained therein.
Logo ict4water
© Copyright - STOP-IT
  • Legal Disclaimer
  • Privacy Policy
Nach oben scrollen