The document discusses honeypot systems, which are decoy network resources designed to be attractive targets for cyber attackers. Honeypots record attacker activity and data so that attack methods and motives can be analyzed. They consist of modules that induce attacks, deceive attackers with simulated data, and analyze attacker behavior. Both low-interaction honeypots, which offer limited functionality, and high-interaction honeypots, which simulate full systems, are described. The document outlines a methodology used to design an industrial control system honeypot, including defining the system scope, implementing security monitoring, and exposing the simulated system online to attract attacks. The benefits of honeypots for active network defense and data collection are weighed against their risks.
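The deception, recording and analysis roles described above can be sketched for a low-interaction industrial control system decoy. This is an added example, not code from the document it summarizes. The choice of Modbus/TCP, the register values, the source addresses and all function names are assumptions made for illustration.

```python
import struct
from collections import Counter

# Constructed process values the decoy serves (deception module).
SIMULATED_REGISTERS = {0: 215, 1: 1013, 2: 1}
# Modbus function codes that try to change device state.
WRITE_FUNCS = {5, 6, 15, 16}

def handle_request(frame: bytes, src: str, log: list) -> bytes:
    """Record one Modbus/TCP frame and return a simulated reply."""
    if len(frame) < 8:  # shorter than MBAP header plus function code
        log.append({"src": src, "event": "malformed", "raw": frame.hex()})
        return b""
    tid, pid, _length, unit, func = struct.unpack(">HHHBB", frame[:8])
    body = frame[8:]
    log.append({"src": src, "event": "request", "func": func,
                "unit": unit, "raw": frame.hex()})
    pdu = struct.pack(">BB", func | 0x80, 0x01)  # default: illegal function
    if func == 3 and len(body) >= 4:  # Read Holding Registers
        start, count = struct.unpack(">HH", body[:4])
        if 1 <= count <= 125:
            values = [SIMULATED_REGISTERS.get(start + i, 0) for i in range(count)]
            pdu = struct.pack(">BB", func, 2 * count)
            pdu += struct.pack(f">{count}H", *values)
        else:
            pdu = struct.pack(">BB", func | 0x80, 0x03)  # illegal data value
    # MBAP length field counts the unit id plus the PDU.
    return struct.pack(">HHHB", tid, pid, len(pdu) + 1, unit) + pdu

def summarize(log: list) -> dict:
    """Analysis module: per-source request counts and write-attempt flag."""
    report = {}
    for entry in log:
        row = report.setdefault(entry["src"], {"requests": 0,
                                               "funcs": Counter(),
                                               "write_attempt": False})
        row["requests"] += 1
        if "func" in entry:
            row["funcs"][entry["func"]] += 1
            row["write_attempt"] |= entry["func"] in WRITE_FUNCS
    return report

if __name__ == "__main__":
    events = []
    # Constructed frames: a register read and a single-register write.
    handle_request(bytes.fromhex("000100000006010300000002"), "192.0.2.10", events)
    handle_request(bytes.fromhex("000200000006010600020000"), "198.51.100.7", events)
    print(summarize(events))
```

Only register reads are answered with simulated data; every other function, including writes, is logged and refused, which is what keeps the decoy low-interaction.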