Assessing the impact of Modbus/TCP protocol attacks on critical infrastructure: WWTP case study

Cyberattacks pose significant risks to the safety and functionality of industrial control systems (ICS), particularly in critical sectors such as water. Understanding the implications of these cyberattacks is essential for evaluating their environmental and economic repercussions to develop defensiv...

Descripción completa

Detalles Bibliográficos
Autores: Machaka, V. (Valentine)|||/items/bb7806c9-ddb4-4317-af75-de31942fbe86, Figueroa-Lorenzo, S. (Santiago)|||/items/e7ce025e-1e3d-449c-ad8f-64729a414fa5, Arrizabalaga-Juaristi, S. (Saioa)|||/items/8fd585fc-4135-44f8-803d-ddeb0605d98e, Hernantes-Apezetxea, J. (Josune)|||/items/f325c658-dca3-4e00-ab34-9afbcf2e3c77
Tipo de recurso: artículo
Fecha de publicación:2025
País:España
Institución:Universidad de Navarra
Repositorio:Dadun. Depósito Académico Digital de la Universidad de Navarra
Idioma:inglés
OAI Identifier:oai:dadun.unav.edu:10171/119631
Acceso en línea:https://hdl.handle.net/10171/119631
Access Level:acceso abierto
Palabra clave:ICS security
Digital twins
Sensor networks
Adversary emulation
Thrat assessment
Critical infrastructure protection
Descripción
Sumario:Cyberattacks pose significant risks to the safety and functionality of industrial control systems (ICS), particularly in critical sectors such as water. Understanding the implications of these cyberattacks is essential for evaluating their environmental and economic repercussions to develop defensive strategies and implement security mechanisms. This study seeks to create a controlled and reproducible virtualised ICS testbed, enabling a risk-free environment for cybersecurity testing. Based on the IEC 62264 Industrial Automation Pyramid (IAP), the proposed virtual ICS testbed features a scalable multi-layered network architecture that supports multiple ICS protocols. This case study features an Operational Technology (OT) environment with a digital twin of a Wastewater Treatment Plant (WWTP) developed using MATLAB/Simulink, OpenPLC and SCADA-LTS. The MITRE ATT&CK adversary emulation technique was utilised to assess the potential impacts of Modbus/TCP protocol attacks on a WWTP industrial process by targeting levels 1 and 2 of the IAP. The findings highlight the necessity for threat emulation to simulate real-world attack scenarios, vulnerability assessments, and operational impact analysis. Furthermore, establishing robust detection mechanisms guarantees that threats are identified early, minimising potential risks to operational integrity and environmental safety. In conclusion, the significance of creating ICS testbeds for cybersecurity testing is emphasised, ultimately suggesting directions for future research.