{"title":"Assessing the impact of Modbus/TCP protocol attacks on critical infrastructure: WWTP case study","authors":"Valentine Machaka , Santiago Figueroa-Lorenzo , Saioa Arrizabalaga , Beñat Elduayen-Echave , Josune Hernantes","doi":"10.1016/j.compeleceng.2025.110485","DOIUrl":null,"url":null,"abstract":"<div><div>Cyberattacks pose significant risks to the safety and functionality of industrial control systems (ICS), particularly in critical sectors such as water. Understanding the implications of these cyberattacks is essential for evaluating their environmental and economic repercussions to develop defensive strategies and implement security mechanisms. This study seeks to create a controlled and reproducible virtualised ICS testbed, enabling a risk-free environment for cybersecurity testing. Based on the IEC 62264 Industrial Automation Pyramid (IAP), the proposed virtual ICS testbed features a scalable multi-layered network architecture that supports multiple ICS protocols. This case study features an Operational Technology (OT) environment with a digital twin of a Wastewater Treatment Plant (WWTP) developed using MATLAB/Simulink, OpenPLC and SCADA-LTS. The MITRE ATT&CK adversary emulation technique was utilised to assess the potential impacts of Modbus/TCP protocol attacks on a WWTP industrial process by targeting levels 1 and 2 of the IAP. The findings highlight the necessity for threat emulation to simulate real-world attack scenarios, vulnerability assessments, and operational impact analysis. Furthermore, establishing robust detection mechanisms guarantees that threats are identified early, minimising potential risks to operational integrity and environmental safety. 
In conclusion, the significance of creating ICS testbeds for cybersecurity testing is emphasised, ultimately suggesting directions for future research.</div></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"126 ","pages":"Article 110485"},"PeriodicalIF":4.0000,"publicationDate":"2025-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790625004288","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
Citations: 0
Abstract
Cyberattacks pose significant risks to the safety and functionality of industrial control systems (ICS), particularly in critical sectors such as water. Understanding the implications of these cyberattacks is essential for evaluating their environmental and economic repercussions to develop defensive strategies and implement security mechanisms. This study seeks to create a controlled and reproducible virtualised ICS testbed, enabling a risk-free environment for cybersecurity testing. Based on the IEC 62264 Industrial Automation Pyramid (IAP), the proposed virtual ICS testbed features a scalable multi-layered network architecture that supports multiple ICS protocols. This case study features an Operational Technology (OT) environment with a digital twin of a Wastewater Treatment Plant (WWTP) developed using MATLAB/Simulink, OpenPLC and SCADA-LTS. The MITRE ATT&CK adversary emulation technique was utilised to assess the potential impacts of Modbus/TCP protocol attacks on a WWTP industrial process by targeting levels 1 and 2 of the IAP. The findings highlight the necessity for threat emulation to simulate real-world attack scenarios, vulnerability assessments, and operational impact analysis. Furthermore, establishing robust detection mechanisms guarantees that threats are identified early, minimising potential risks to operational integrity and environmental safety. In conclusion, the significance of creating ICS testbeds for cybersecurity testing is emphasised, ultimately suggesting directions for future research.
About the journal:
The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency.
Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.