The FBI recently revealed a facility called the Kinetic Cyber Range, a 22,000-square-foot indoor replica town on its campus in Huntsville that’s used to train agents and other law-enforcement personnel to investigate and respond to cyberattacks.
According to the FBI, the range opened in February 2025 and has trained more than 1,400 students, including FBI personnel and partners from other agencies. The simulated environment allows trainees to make mistakes and learn from them before facing real incidents.
One reason for building a physical “town” rather than a simple computer lab is that modern cyberattacks often have real-world consequences. A ransomware attack on a hospital, a breach at a utility company, or a compromise of connected infrastructure can affect multiple organizations at once, and the FBI wants trainees to experience those interconnected effects in a controlled setting.
The FBI has completed the construction of a fully functional, small-city simulator, exclusively for training in cyberattacks against critical infrastructure (Kinetic Cyber Range). The facility includes real water networks, traffic control systems and industrial controllers (SCADA), allowing researchers to study the physical consequences of a digital attack.
The targeting of attackers is shifting from data theft (IT) to causing real, material damage through Operational Technology (OT). The findings from the facility are critical for the harmonization of European and Greek infrastructures with the strict cybersecurity directive NIS2. The nature of cyberattacks is rapidly changing, leaving the narrow confines of servers and invading the physical space.
The FBI’s unveiling of a specially designed Kinetic Cyber Range, which is practically a miniature of a fully functioning city, underscores the immediacy of the threat to critical industrial and urban infrastructure. The goal is no longer theoretical threat modeling, but practical observation of the devastating consequences that malicious code can have in the real world.
The FBI’s Kinetic Cyber Range is a secret, physical, small-city-sized simulation facility designed to test cyberattacks on industrial control systems and infrastructure (SCADA/ICS). The facility allows for the assessment of the real-world consequences of a hack on water networks, power systems, and traffic lights, bridging the gap between digital threats and physical disasters.
Industrial-Grade Equipment: Uses real-world Programmable Logic Controllers (PLCs) and IoT sensors found in commercial facilities.
OT Environment Simulation: Tests exclusively on Operational Technology rather than traditional IT networks.
Zero-Day Threat Analysis: A secure environment for “firing” specialized industrial malware and recording its behavior.
Cascading Failures Scenarios: The study of how the collapse of one system (e.g., a power outage) affects the rest (e.g., water pumping stations).
Historically, cybersecurity has focused on Information Technology (IT), that is, protecting computers, data, and communication networks from eavesdropping or ransomware. In contrast, Operational Technology (OT) manages physical devices and processes: the turbines of a power plant, the pressure valves in a refinery, or the automated cranes in a port.
The isolation of these two worlds was the basic rule of security. However, the advent of the Industrial Internet of Things (IIoT) and the need for remote monitoring has forced their connectivity. This convergence (IT/OT convergence) allows attackers to compromise a corporate network (via a simple phishing email) and then gain access to the systems that control the physical equipment.
Software simulations fail to accurately represent the chaotic nature of the physical world. A command that forces a water pump to operate beyond its limit can cause a leak, an explosion, or simply an overheating motor, depending on dozens of physical variables. The Kinetic Cyber Range provides FBI investigators with real-world machines to test the tolerance of hardware to digital anomalies. This process is crucial to understanding sophisticated threats, such as Stuxnet or Triton in the past, which were designed solely to cause physical damage and disable security controls.
The FBI’s “Red Teams” operate as hostile actors within this facility. Using techniques developed by government-sponsored APT groups, they target weaknesses in communication protocols (such as Modbus or DNP3), which have historically been designed for reliability rather than security.
In one of the simulation scenarios, the attackers manage to falsify the telemetry data that reaches the operators’ screens. The operator sees indications of normal operation (spoofing), while in the background the pressure in the pipelines increases critically. The ability to train personnel (incident responders) to recognize these discrepancies between the sensor data and the physical state of the network is the core of the protection strategy.
The existence of such an advanced installation in the US is a wake-up call for European and domestic structures. In Greece, the digitalization of services and the gradual integration of “smart city” technologies (e.g. smart electricity meter networks by HEDNO, automated traffic management systems, digitalized pumping stations in regional municipalities) are dramatically expanding the attack surface.
The European NIS2 directive, which is being incorporated into Greek legislation, drastically expands the categories of critical infrastructure that must meet strict security criteria, as a result of which the National Cybersecurity Authority of Greece is called upon to supervise over 2,000 entities.
The problem, however, lies at the base: many local water supply networks, biological treatment plants and energy substations rely on outdated equipment, which was hastily connected to the internet (via cheap IoT gateways) for reasons of convenience, without a “Zero Trust” architecture.
FBI simulation confirms that a single compromised computer in a DEWA is enough to disrupt the water supply of an entire city.
