BUTCA continues to expand cybersecurity training opportunities
The BUTCA platform has become an important part of the 9th edition of the National Cybersecurity Competition Finals. The specially built physical polygons of the wastewater treatment plant offered the competition participants a unique scenario focused on the security of industrial systems.
Researchers from the Department of Telecommunications, FEEC BUT, Eva Holasová and Karel Kuchař, developed a new scenario with a physical polygon for the BUTCA platform, simulating the pumping system of a wastewater treatment plant. It was presented on 10 April 2025 during the final of the National Cybersecurity Competition of the Czech Republic.
The 9th year of the final of the National Competition of the Czech Republic in cyber security took place in Brno on the premises of the Secondary School of Informatics, Postal Administration and Finance, Čichnova. The competition is organised by the CyberCentrum - Cyber Security Centre and is supported by a number of partners including the South Moravian Region, the Ministry of the Interior, the Ministry of Education, Youth and Sports, the Ministry of Labour and Social Affairs and the National Office for Cyber and Information Security (NÚKIB). 47 best students from all over the Czech Republic advanced to the final round. After the individual part of the competition, 25 students were then selected to advance to the team part. In the team competition, due to the higher complexity of the tasks, it was necessary for each competitor to demonstrate not only their personal knowledge, but also their ability to communicate and strategically plan the problem-solving process. These teams were able to try out the new scenario of attacking the wastewater treatment plant designed by Eva and Karel.
The finalists are invited to a summer training organized by the Cyber Competition Committee in cooperation with BUT, the University of Defence (UNOB) and MUNI, where they go through various challenges including psychological tests. The aim was to select a team that can work together effectively and represent the Czech Republic in the European competition.
The participants of the competition were among the first who could test the functioning of the new polygon. Four of the five teams successfully completed the task, each in their own unique way. "In solving the challenges in the new scenario, the contestants first became familiar with an environment that was unfamiliar to them, then understood the industrial process that then allowed them to compromise the entire system. Exploiting the vulnerability caused one of the tanks to physically overflow," Karel Kuchař describes how the new scenario works.
Eva Holasová and Karel Kuchař with the new physical polygon of the wastewater treatment plant for the BUTCA platform.
"The contestants are excited. In general, a hardware challenge is always a great addition to the competition. Seeing the device right in front of you on the table requires less abstraction than a theoretical problem, where the solver must first understand or imagine what the author intends with the text. On the other hand, a working hardware device creates more interest, perhaps even desire, to get into the system and start operating it. This is confirmed by the station next to the competition room, where we have placed one sample of this OT cleaner for competitors who did not advance to the team part, and there is considerable interest there. (OT, or Operational Technologies, are technologies for controlling building control systems or also traffic signals, power substation controls or factory production lines, editor's note.) On behalf of the Cyberspace Competition Committee, I would like to say a big thank you to the scientific team from BUT, especially Zdeněk Martinásek and Willi Lazarov, who have been working with us for a long time and are interested in sharing their scientific contributions to their team. OT systems, in other words, in practical terms, SCADA systems are a practical part of our daily lives and we are socially dependent on them. I am very happy that in this way we can bring these systems closer to our future professionals of the younger generation and complement them with experience that will be useful in their future profession, for example in the protection of these systems, and that is what we are all about. I very much appreciate the cooperation with the BUT and thank you for it," said Kamil Virág, the main judge of the competition.
BUTCA is unique in that it allows for realistic simulation and testing of the impact of attacks on common and industrial networks in a secure environment, the failure of which can carry the risk of significant financial loss, as well as loss of human life or the environment. "Cybersecurity trainees most often get stuck on issues related to real industrial technologies. It is seen that more users are generally more familiar with common network technologies, whereas they have no such experience with industrial networks. The difference in knowledge was also evident in the National Cyber Competition, where it was necessary to use not only common theoretical knowledge, but also to apply this knowledge appropriately in an unfamiliar industrial environment," says Eva Holasová.
An extended polygon of the wastewater treatment plant, representing a copy of a real wastewater treatment plant from the South Moravian Region, was presented on 9 April 2025 at the Technica Futura 3.0 conference in Pilsen. This conference specialises in current technical challenges and trends in the field of cyber security. The BUTCA platform helped to spread awareness of cyber security not only through a practical scenario simulating an attack on a wastewater treatment plant, but also and most importantly through a scenario focused on digital hygiene. Dozens of conference participants went through this scenario, which contributed to raising awareness and understanding of the importance of safe behaviour in cyber environments. "Cyber security is not just a matter for technical specialists, but for each and every one of us. That's why at BUTCA Platform we put emphasis not only on advanced technical scenarios, but also on digital hygiene scenarios. Our goal is to make people understand how simple rules of safe behaviour can significantly reduce risks in everyday digital life," said Radek Fujdiak, coordinator and co-author of the BUTCA platform.
Eva Holasová presents BUTCA at the Technica Futura 3.0 conference in Pilsen. | Author: Information Technology Administration of the City of Pilsen.
BUTCA currently offers a wide range of diverse educational and training scenarios, from ethical hacking, web and mobile application security, to non-technical training in the form of awareness, but also practical scenarios, on the aforementioned polygon of a wastewater treatment plant, as well as polygons of smart meters, a brewery, a robotic packaging line or a power transmission system, but also many others. The platform has already been used by several thousand students across all levels of education, where it has already helped in teaching cyber security awareness at a number of universities and secondary schools, and since the new year the number has grown by three more - EDUCAnet, SPŠ Purkyňova and Vítkovice SPŠ. The importance of the BUTCA platform lies not only in its educational and training function, but also in prevention.
However, BUTCA is also finding its way into the corporate world, especially with practical physical scenarios for energy, industry and critical infrastructure. At a time when cyber attacks on infrastructure are a real threat, it is important that future cybersecurity professionals are prepared to counter these attacks and prevent potentially catastrophic impacts. Indeed, security mechanisms from conventional information technology cannot be directly applied to the industrial world, as the requirements for these systems are fundamentally different. In an industrial environment, it is absolutely crucial to know and maintain the exact state of the industrial process, which unfortunately often takes precedence over the implementation of conventional security measures. Thus, the application of appropriate mechanisms that ensure a sufficient level of security without affecting the process itself is key. "A good example is the smart meter. Its primary function is to continuously measure electricity consumption. Even in the event of a cyber-attack, where the device may lose the ability to communicate with higher-level systems, the meter must continue to perform its primary function of reading electricity consumption. In this context, the functionality of the device has a higher priority than communication security," explains Zdeněk Martinásek, co-author of the BUTCA platform. The issue of security of smart meters is a very talked about topic and outside of BUTCA, FEKT BUT is addressing it together with electricity distributors in the Czech Republic (more here). When designing safety solutions for OT environments, it is essential to consider specific requirements and look for approaches that ensure safety without compromising the basic functionality of industrial equipment and processes.
International cooperation with Tampere University
However, BUTCA does not stay only in the Czech environment. The platform is already successfully helping in teaching at Tampere University in Finland. The cooperation with the Finnish university in the field of joint research aimed at streamlining the process of cybersecurity education was strengthened by a recent three-month Erasmus+ internship with PhD student Willi Lazarov, one of the co-authors of the BUTCA platform. "The research activities in Finland built on an already three-year collaboration between FECT BUTCA and Tampere University, during which data collection from cybersecurity education took place. From this data, together with our colleagues from Finland, we have obtained useful information in order to quantitatively measure the effectiveness of various aspects, such as the impact of gamification on student engagement in learning, determining the difficulty of learning tasks for different user groups, or the use of interactive tools," Willi Lazarov said about his work at Tampere University. However, the international cooperation does not end with Finland; similar cooperation is now also being conducted with Penn State University in the USA and the University of Tartu in Estonia.
Authors: Zdeněk Martinásek, Radek Fujdiak (Department of Telecommunications, FEEC BUT).
| Responsible person | identita nepřihl. uživatele |
|---|---|
| Date of publication |