In the field of industrial cybersecurity (OT/ICS), access to real practice environments is one of the biggest training barriers. Critical infrastructure control systems are expensive, sensitive, and, for obvious reasons, restricted to operational use.
With this challenge in mind, Ivanka Fernández Leivas has published on GitHub the ElectroSim project, an educational virtual machine that simulates the operation of an electric company and its critical services. The goal is clear: to provide a reproducible lab environment for learning, testing, and practicing OT automation, monitoring, and security in a controlled setting.
Architecture and integrated components
ElectroSim is not just a testing operating system; it incorporates a set of common industrial tools and services, bundled in a VM ready to be imported into VirtualBox. Among the main components:
- OpenPLC: simulation of a programmable logic controller (PLC), a core element of automation.
- Node-RED: flow orchestration that emulates electric consumption sensors and process signals.
- InfluxDB: time-series database to store consumption measurements.
- Grafana: interactive dashboards for data visualization and correlation.
- Mosquitto (MQTT): IoT messaging protocol for communication between sensors and backend.
- MariaDB: management of customer and contract data.
- Suricata: traffic analysis engine and IDS (intrusion detection).
- UFW + Fail2Ban: perimeter security and protection against brute-force attacks.
This ecosystem makes ElectroSim a micro industrial laboratory, enabling replication of interactions between automation layers, databases, communications, and network defenses.
Available versions and deployment
The project is distributed in two .ova images:
- ElectroSim-Industrial.ova: lightweight version, designed for terminal mode use.
- ElectroSim-Industrial-GUI.ova: with XFCE desktop, intended for users preferring a graphical interface.
Deployment is straightforward: import the image into VirtualBox, log in with username vboxuser and password insecure, then access services via the host’s browser:
- Grafana:
http://<vm_ip>:3000 - Node-RED:
http://<vm_ip>:1880 - InfluxDB:
http://<vm_ip>:8086/ping
Philosophy: a clean environment for practice
ElectroSim is provided without preloaded data or dashboards. The aim is for users to design their own flows, databases, and panels, developing practical skills from scratch:
- Create dashboards in Grafana tailored to the simulated power consumption.
- Insert and query time-series data in InfluxDB.
- Set Suricata rules to detect suspicious traffic.
- Configure Node-RED to simulate sensor telemetry.
- Test firewall policies with UFW and Fail2Ban.
In other words, it’s a pedagogical sandbox that combines industrial, IT, and security aspects.
Security, licensing, and accessibility
Although designed for educational purposes, ElectroSim introduces basic good practices for hardening and visibility within industrial networks.
The project is published under the Creative Commons CC BY-ND 4.0 license: it can be used and shared for educational purposes but not modified or redistributed in altered versions.
Author and objectives
Creator Ivanka Fernández Leivas shares this project as part of her efforts to learn and promote industrial cybersecurity, strengthening the community with an accessible resource previously limited to high-cost labs.
With ElectroSim, students, educators, and professionals have a realistic environment to experiment with industrial protocols, intrusion detection, and perimeter security, without risking production environments.
Conclusion
ElectroSim exemplifies how the community can generate valuable resources for technical training in critical areas like OT/ICS cybersecurity. With easy deployment and a comprehensive industrial stack, it democratizes hands-on practice in environments previously out of reach.
Available on GitHub, it promises to become a key tool for courses, labs, and self-training in industrial security.
Frequently Asked Questions
What are the minimum hardware requirements for ElectroSim?
A host with at least 8 GB RAM, a quad-core processor, and about 15 GB free disk space.
Is prior Linux or network experience necessary?
Not strictly, but a basic understanding of system administration is recommended to maximize the learning experience.
What is the difference between the GUI and terminal versions?
The GUI version includes the XFCE desktop environment, while the terminal version is more lightweight. Both provide the same services.
Can it be used in VMware or other hypervisors?
Yes, the .ova files are compatible with hypervisors supporting this format, though primary testing has been in VirtualBox.