Infracritical conducted an exercise to determine the attack vector, method of attack, and rate of attack against a device pretending to be a device servicing a process control system which controls a water pump for a local municipality. The results were overwhelming; so much so, that a preliminary findings report was generated, followed by a final findings report.
Both reports are openly and publicly available. Resulting data is publicly available as well.
NOTE: Raw data is provided in Common Separated Values (CSV) format; use of ths data is "as is" and is provided without any warranty; use at your own risk.