Industrial Controls Systems (ICS) represent a relevant target for attackers. In order to prevent such critical security threats, ICS security assessment activities should be conducted. Conventional vulnerability assessment and penetration testing within ICSs are not practicable due to safety risks and cost constraints. To overcome these challenges, security researchers have developed cybersecurity testbeds. However, these testbeds commonly rely on closed components, cannot be extended, and are very expensive. This research investigates how a modular, open-source framework can enhance the development of robust cybersecurity testbeds and facilitate the implementation of digital twins for securing Industrial Control Systems. We present SCASS, a fully customizable testbed designed to replicate complex SCADA and ICS environments with high fidelity. SCASS addresses the need for accessible, scalable platforms by supporting both physical and virtual components while enabling the evaluation of heterogeneous attack scenarios and security methodologies. By combining advanced attack scenarios with an objective comparative analysis against existing testbeds, SCASS demonstrates its ability to fill critical gaps in the ICS security landscape, fostering collaboration and advancing security assessment methodologies.
SCASS: Breaking into SCADA Systems Security / D'Ambrosio, N.; Capodagli, G.; Perrone, G.; Romano, S. P.. - In: COMPUTERS & SECURITY. - ISSN 0167-4048. - 151:(2025). [10.1016/j.cose.2025.104315]
SCASS: Breaking into SCADA Systems Security
d'Ambrosio N.;Perrone G.;Romano S. P.
2025
Abstract
Industrial Controls Systems (ICS) represent a relevant target for attackers. In order to prevent such critical security threats, ICS security assessment activities should be conducted. Conventional vulnerability assessment and penetration testing within ICSs are not practicable due to safety risks and cost constraints. To overcome these challenges, security researchers have developed cybersecurity testbeds. However, these testbeds commonly rely on closed components, cannot be extended, and are very expensive. This research investigates how a modular, open-source framework can enhance the development of robust cybersecurity testbeds and facilitate the implementation of digital twins for securing Industrial Control Systems. We present SCASS, a fully customizable testbed designed to replicate complex SCADA and ICS environments with high fidelity. SCASS addresses the need for accessible, scalable platforms by supporting both physical and virtual components while enabling the evaluation of heterogeneous attack scenarios and security methodologies. By combining advanced attack scenarios with an objective comparative analysis against existing testbeds, SCASS demonstrates its ability to fill critical gaps in the ICS security landscape, fostering collaboration and advancing security assessment methodologies.| File | Dimensione | Formato | |
|---|---|---|---|
|
1-s2.0-S0167404825000045-main.pdf
accesso aperto
Tipologia:
Versione Editoriale (PDF)
Licenza:
Creative commons
Dimensione
4.46 MB
Formato
Adobe PDF
|
4.46 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
