Assessing the impact of Modbus/TCP protocol attacks on critical infrastructure: WWTP case study
Cyberattacks pose significant risks to the safety and functionality of industrial control systems (ICS), particularly in critical sectors such as water. Understanding the implications of these cyberattacks is essential for evaluating their environmental and economic repercussions to develop defensiv...
| Autores: | , , , |
|---|---|
| Formato: | artículo |
| Fecha de publicación: | 2025 |
| País: | España |
| Recursos: | Universidad de Navarra |
| Repositorio: | Dadun. Depósito Académico Digital de la Universidad de Navarra |
| Idioma: | inglés |
| OAI Identifier: | oai:dadun.unav.edu:10171/119631 |
| Acesso em linha: | https://hdl.handle.net/10171/119631 |
| Access Level: | acceso abierto |
| Palavra-chave: | ICS security Digital twins Sensor networks Adversary emulation Thrat assessment Critical infrastructure protection |
| Resumo: | Cyberattacks pose significant risks to the safety and functionality of industrial control systems (ICS), particularly in critical sectors such as water. Understanding the implications of these cyberattacks is essential for evaluating their environmental and economic repercussions to develop defensive strategies and implement security mechanisms. This study seeks to create a controlled and reproducible virtualised ICS testbed, enabling a risk-free environment for cybersecurity testing. Based on the IEC 62264 Industrial Automation Pyramid (IAP), the proposed virtual ICS testbed features a scalable multi-layered network architecture that supports multiple ICS protocols. This case study features an Operational Technology (OT) environment with a digital twin of a Wastewater Treatment Plant (WWTP) developed using MATLAB/Simulink, OpenPLC and SCADA-LTS. The MITRE ATT&CK adversary emulation technique was utilised to assess the potential impacts of Modbus/TCP protocol attacks on a WWTP industrial process by targeting levels 1 and 2 of the IAP. The findings highlight the necessity for threat emulation to simulate real-world attack scenarios, vulnerability assessments, and operational impact analysis. Furthermore, establishing robust detection mechanisms guarantees that threats are identified early, minimising potential risks to operational integrity and environmental safety. In conclusion, the significance of creating ICS testbeds for cybersecurity testing is emphasised, ultimately suggesting directions for future research. |
|---|