Protecting critical infrastructures from cyber-threats in an increasingly digital age is a matter of growing urgency for governments and private industries across the globe. In a climate where cyber safety is an uncertainty, fresh and adaptive solutions to existing computer security approaches are a must. In this paper, we present our approach to supporting critical infrastructure security. Data is constructed from a critical infrastructure simulation, developed using Siemens Tecnomatix Plant Simulator and the programming language SimTalk. The data collected from the simulation, when both functioning as normal and during a cyber-attack scenario, is done through the use of observers. By extracting features from the data collected, threats to the system are identified by modelling system behaviour and identifying changes in patterns of activity by using three data classification techniques.