Skip to content

Which OT protocols and traffic types are most relevant in the target OT environments?

Sector & Environment Scoping

What are the target OT environments?

The target OT environments are those operated by small to medium-sized organizations that fall under the NIS2 directive, but typically lack the financial and organizational capacity to deploy high-end commercial monitoring solutions. The focus is not on large-scale energy utilities or multinational industrial sites, but rather on municipalities, provinces, water boards, drinking water companies, and local production businesses.

These environments share several characteristics: they are often regionally bound, have a limited number of sites, and rely on a mix f legacy OT systems alongside more modern industrial automation technologies. Municipalities, for example operate OT in the context of building management (HVAC, lighting, access control) or infrastructure control (bridges, tunnels, traffic systems). Water boards and drinking water companies manage pumping station, sluices, treatment plants, and distribution networks, where Scada and telemtry play a central role. Small and medium-sized production companies often rely on PLC-driven manufacturing cells, machine automation, and local SCADA/HMI systems.

By focusing on these types of environments, the scope reflects organizations that are critical enough to require OT monitoring but are unlikely to invest in enterprise-grade security tooling. This positioning makes it possible to evaluate the relvance of protocols and traffic types in contexts where open-source tools like malcolm could realistically provide added value.

What OT/ICS systems are typically present in each of these environments?

To understand which communication protocols are relevant, it is first necessary to outline the types of OT/ICS systems commonly deployed across the in-scope environments. While the specific technologies may differ per sector, most share a layered structure consisting of field evices, control equipment, supervisory systems, and integration points wirh IT/business systems. Below, the typical landscape is described per sector.

Municipalities

Municipalities, especially in the Netherlands, often manage a wide array of OT/ICS applications, often centered on public infrastructure, facility management, and environmental control. Systems that are commonly found in these environments are:
Building and Facility Automation Systems

Public buildings (town halls, schools, municipal offices) typically have Building Management Systems (BMS) to control HVAC (heating, ventilation, air conditioning), lighting, shading, access control, and sometimes even elevator or safety systems. Open protocols such as BACnet/IP, BACnet MS/TP, KNX, and Modbus are often used in such installations. For reference, ABB Cyclon's solutions for public/government buildings include BACnet (IP & MS/TP), Modbus TCP, and KNX 4. Another reference is WAREMA, who use BACnet for shades and sun-screening 5.

Traffic & Mobility Control Systems

Municipalities often deploy systems for traffic lights, intersection control, public lighting networks, sometimes smart traffic-light systems. There systems husually have sensors (loop detectors, vehicle count sesors), actuators, programmable controllers, and supervisory control for timing and strategy. Public data from Groningen's municipality shows that these control systems are actively being monitored 6.

Stormwater/Rainwater & Wastewater Pumping

Municipal stormwater management systems are common, particularly in low-lying Dutch contexts. Pump stations (for rainwater drainage, flood control) are automated to activate based on water level sensors, possibly with remote telemetry. These might be smaller scale than water board infrastructure, but still part of municipal operations. Municipalities often collaberate on these technologies with water boards. The municipalities' responsibility is mostly limited to local sewer/stormwater pumping stations, while water boards handle regional pumping and treatment.

Infrastructure Control

Bridges, tunnels, sluices, ports, barriers, gates, and other related mechanical control systems. These often include sensors, actuators, local control via PLC's or RTUs, and supervisory monitoring. To clarify the scope, not all municipalities manage bridges/tunnels/sluices directly, but some municipalities do operate local bridges/tunnels.

Public Lighting Systems

Street lighting, lighting of public spaces, parks, etc. These systems most likely use simpler control protocols, maybe even legacy.

Extra references on municipalities: 1

Water Boards

Water boards manage water quantity, water quality, wastewater, and flood protection. They OT/ICS systems are larger scale and more process-intensive than those in municipalities, and they include both field-device control and supervisory applications. Systems commonly found in OT environments of water boards are:

SCADA and Process Automation Systems

Water boards use SCADA platforms to monitor and control critical infrastructure such as sluices pumps, floodgates, and treatment plants. For example, the Vallei & Veluwe water board ran a project in 2019 which finalized in 2022 to standardize SCADA across 16 wastewater treatment plants, and 87 sewage pumping stations. This is evidence enough to assume SCADA is used extensively in these kinds of environments. 2

Pumping Stations and Sewage Pumping

Both large pumping stations and many smaller ones that transfer water or wastewater between parts of the system are part of this group. Water boards maintai instrumentation (level sensors, flow sensors), control of pumps and valves, and telemetry to main control systems.

Wastewater Treatment Plants

Treatment plants include PLC-based process control for biological, checmical, and mechanical stages (sedimentation, filtration, aeration), plus alarms, reporting, and metering. ICT Group's Scada automation project uses SCADA for managing these plants.

Telemetry, Remote Monitoring, and Alarm Systems

Many water boards have long-established pump and sensor networks, often with telemetry for remove level/flow monitoring and alarm handling. For example, in 2016, waterschap Hunze and Aa's enhanced the security and monitoring of its SCADA systems 3.

Drinking Water Companies

Drinking Water Companies are responsible for producing and distributing drinkable water to housholds and businesses. Their OT/ICS environment differs from water boards, since drinking water companies focus much more on treatment, quality control, and continuous supply rather than wastewater or flood defense. Operations for a drinking water company typically are:

  • Water Treatment Plants (filtration, disinfection, chemical dosing)
  • Pumping and distribution networks to deliver water to households and businesses
  • Storage and pressure management facilities to balance supply and demand
  • Water quality monitoring systems to ensure compliance with health and safety standards

These processes are generally supported by industrial automation and control systems such as SCADA, PLCs, and remote telemetry systems.

Protocol Identification

Which communication protocols are used in which systems?

Municipalities

Building and facility automation systems

These systems often utilize open protocols such as BACnet and KNX for managing hvac, lighting, and access control. Reference: NETx automation7.

Traffic and mobility control systems

These systems typically emply standard industrial communication protocols like Modbus for device-level communication.

Stormwater and Wastewater Pumping Stations

These stations commonly use Modbus RTU/TCP for communication between PLCs and SCADA systems.

Infrastructure Control Systems

Similar to pumping stations, these system often rely on Modbus for communication between field devices and control systems.

Public Lighting Systems

There is no public information on what protocols these systems use. Most likely, it would be Modbus, or if the lights have more functionality like monitoring and dimming options, protocols like DALI or Zhaga-D4i could be used.

Water boards and Drinking water companies use similar protocols, which are Modbus RTU/TCP, DNP3, and IEC 60870-5-104 for communication between PLC's, RTUs, and central control systems.

Most Relevant OT Protocols and Traffic Types

Across the in-scope OT environments, several protocols are consistently used to connect field devices, control systems, and supervisory applications:

  • Modbus RTU/TCP - widely used in every ot environment
  • BACnet / KNX: common in municipal building and facility automation
  • DNP3 and IEC 60870-5-104: common in water boards and drinking water companies

  1. https://securitydelta.nl/nl/nieuws/overzicht/research-into-the-digital-resilience-of-municipal-infrastructure-kicks-off 

  2. https://www.ict.eu/en/newsroom/news/innovative-scada-automation-vallei-en-veluwe-water-authority 

  3. https://www.dutchitchannel.nl/news/139658/waterschap-hunze-en-aa-rsquo-s-versterkt-de-beveiliging-netwerk-en-scada-systemen 

  4. https://new.abb.com/low-voltage/nl/producten/building-automation/product-range/abb-cylon/system-information/solutions/lokale-overheid-oplossingen 

  5. https://smartbuildings.warema.com/nl-nl/bussystemen/bacnet/ 

  6. https://algoritmes.overheid.nl/en/algoritme/gm0014/23996960/monitoring-traffic-lights 

  7. https://www.hdlautomation.com/articles_100000141542786.html 

  8. https://ris.utwente.nl/ws/portalfiles/portal/123109124/Thesis_JC_Cover.pdf