Signals and Symptoms: ICS Attack Dataset From Railway Cyber Range
Anis Yusof, Yuancheng Liu, Niklaus Kang, Choon Meng Seah, Zhenkai Liang, Ee-Chien Chang

TL;DR
This paper presents a new dataset from simulated ICS cyberattacks on a railway cyber range, capturing current threat indicators to aid security analysis and response.
Contribution
It introduces a novel ICS attack dataset based on simulations that reflect recent attack patterns on railway infrastructure, supporting cybersecurity research.
Findings
Dataset captures contemporary ICS attack indicators
Simulated attacks reflect real-world threat patterns
Enhances tools for ICS cybersecurity analysis
Abstract
The prevalence of cyberattacks on Industrial Control Systems (ICS) has highlighted the necessity for robust security measures and incident response to protect critical infrastructure. This is prominent when Operational Technology (OT) systems undergo digital transformation by integrating with Information Technology (IT) systems to enhance operational efficiency, adaptability, and safety. To support analysts in staying abreast of emerging attack patterns, there is a need for ICS datasets that reflect indicators representative of contemporary cyber threats. To address this, we conduct two ICS cyberattack simulations to showcase the impact of trending ICS cyberattacks on a railway cyber range that resembles the railway infrastructure. The attack scenario is designed to blend trending attack trends with attack patterns observed from historical ICS incidents. The resulting evidence is…
Taxonomy
Topics: Smart Grid Security and Resilience · Information and Cyber Security · Software-Defined Networks and 5G
