Managing critical infrastructures under the growing cyber-threat is becoming a matter of international urgency. The volume and frequency of cyber-related incidents on the rise yearly, and the level of sophistication is increasing. Critical infrastructures are key service providers and heavily interconnected, meaning any damaging impact would result in devastating consequences and potential cascading failure. In this paper, our system, which uses behavioural observation techniques to offer a level of critical infrastructure support, is detailed. Our approach monitors the operation of an infrastructure and identifies any abnormalities which occur by detecting changes in patterns of behaviour. This is done through the development of a model of correct behaviour which then acts as inference model for expected system behaviour. Using this inference model, we then highlight a threat to our simulation environment by observing changes in patterns of activity. Related research and the results of our implementation is discussed.