
Industrial Control Systems (ICS) Security in Critical National Infrastructure

Machine Learning-Driven Anomaly Detection for Advanced Persistent Threats. The protection of Critical National Infrastructure has become a strategic priority as cyber-attacks grow in both frequency and sophistication.
March 24, 2025

Kieran McLaughlin 

Centre for Secure Information Technology (CSIT) – Queen's University Belfast

ControlSoft Automation Systems (NI) Limited

The protection of Critical National Infrastructure (CNI)—including water, energy, and industrial control systems—has become a strategic priority as cyber-attacks grow in both frequency and sophistication.  Recent Advanced Persistent Threats (APTs), such as Industroyer and FrostyGoop, have demonstrated the ability to disrupt essential services, causing operational downtime and long-term societal impact.  In response, a collaborative initiative between ControlSoft and CSIT is advancing the next generation of cybersecurity solutions through AI-driven anomaly detection, underpinned by a purpose-built water-rig testbed.

At the heart of this project is a critical insight: traditional IT cybersecurity approaches are insufficient for industrial environments.  CNI systems are complex cyber-physical ecosystems where digital networks (IT) are tightly integrated with operational technologies (OT), including sensors, actuators, and physical processes.  Analysing cyber data in isolation does not provide a complete picture of system behaviour.  To accurately detect threats, AI models must understand the interaction between physical processes and cyber activity in real time.

This is where the water-rig testbed becomes essential.  Designed as a realistic, controllable industrial environment, the testbed replicates the dynamics of a water treatment or process control system.  By integrating programmable logic controllers (PLCs), sensors, actuators, and network infrastructure, it creates a fully functional cyber-physical loop.  This enables the generation of time-synchronised, high-fidelity datasets that capture both normal operations and cyber-attack scenarios.

Unlike purely simulated environments, the water-rig provides real-world complexity and data richness, which are critical for training robust machine learning models.  It allows researchers to safely execute cyber-attack scenarios—such as data manipulation, process disruption, and stealthy infiltration—while observing their impact across both cyber and physical domains.  This capability is vital for understanding how sophisticated APTs behave and for developing detection systems that can operate effectively in live environments.

The project is structured in two key phases.  The first focuses on the development of the water-rig testbed, including the design of realistic operational scenarios aligned with customer environments.  This involves expanding an existing ControlSoft system to incorporate greater network complexity, defining data collection points, and creating reusable “attack building blocks” that mimic real-world industrial cyber threats.  The result is a flexible platform for continuous experimentation and innovation.

The second phase centres on the evaluation of advanced anomaly detection algorithms developed by CSIT.  These include cutting-edge approaches based on Gaussian Mixture Models (GMMs) and deep learning architectures, capable of modelling complex dependencies within industrial data.  By comparing multiple algorithms against state-of-the-art benchmarks, the project identifies the most effective techniques for detecting subtle and evolving threats.

Importantly, the models are first trained and validated using established datasets, before being tested against the bespoke data generated by the water-rig.  This ensures both academic rigour and real-world relevance, bridging the gap between theoretical research and practical deployment.
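The following is an added worked example, written for this article and not code from CSIT, ControlSoft or the water-rig project. It shows, in plain Python with no third-party packages, the detection principle the article describes: a Gaussian Mixture Model fitted by EM over time-synchronised records that fuse a network-side feature (the last pump command seen in Modbus traffic) with process-side features (flow-meter reading and tank-level change), so that a record whose cyber and physical features are each individually normal but jointly impossible is flagged. The feature set, the two operating modes, the noise levels, the two attack records and the diagonal-covariance GMM with a max-plus-margin threshold are all constructed assumptions for the illustration; the project's own algorithms, datasets and benchmarks are not described in enough detail here to reproduce.

```python
"""Joint cyber-physical anomaly scoring with a diagonal-covariance Gaussian
Mixture Model (GMM) fitted by EM, in plain Python (no third-party packages).

Added illustration for this article, not code from CSIT, ControlSoft or the
water-rig project. The feature names, the two operating modes, the noise
levels and the attack records are all constructed assumptions that mimic a
small pump/tank loop; they are not measurements from the real testbed.
"""
import math
import random

# One record per time window, fusing a network-side feature with two
# process-side features captured in the same window (time-synchronised view):
#   pump_cmd     last pump command seen in Modbus traffic (0 = stop, 1 = run)
#   flow_lpm     flow-meter reading, litres per minute
#   level_delta  change in tank level over the window, centimetres
CYBER = (0,)       # indices of the network-side features
PHYSICAL = (1, 2)  # indices of the process-side features
VAR_FLOOR = 1e-3   # stops an exact-valued feature (pump_cmd) collapsing to zero variance

# Constructed attack records: every feature is in-range on its own; only the
# combination is impossible for a healthy loop.
SPOOFED_STOP = (0.0, 5.0, 0.5)   # wire says "stop", yet full flow and a rising level
HIDDEN_LEAK = (1.0, 5.0, -0.3)   # pump running at rated flow, yet the tank drains


def make_normal_data(n_per_mode=200, seed=7):
    """Constructed 'normal operations' records for two operating modes."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n_per_mode):
        rows.append((1.0, rng.gauss(5.0, 0.2), rng.gauss(0.5, 0.05)))   # pump running
        rows.append((0.0, rng.gauss(0.0, 0.1), rng.gauss(-0.3, 0.05)))  # pump stopped
    return rows


def project(rows, idx):
    """Keep only the features at positions idx (e.g. the cyber-only view)."""
    return [tuple(r[i] for i in idx) for r in rows]


def _log_gauss_diag(x, mean, var):
    """log N(x; mean, diag(var)) for one mixture component."""
    return sum(-0.5 * (math.log(2 * math.pi * v) + (xi - m) ** 2 / v)
               for xi, m, v in zip(x, mean, var))


def _logsumexp(vals):
    top = max(vals)
    return top + math.log(sum(math.exp(v - top) for v in vals))


def _sqdist(x, m):
    return sum((a - b) ** 2 for a, b in zip(x, m))


def fit_gmm(data, k=2, iters=40):
    """EM for a k-component diagonal GMM; returns (weights, means, variances)."""
    d = len(data[0])
    # Farthest-point initialisation so each operating mode gets its own component.
    means = [list(data[0])]
    while len(means) < k:
        means.append(list(max(data, key=lambda x: min(_sqdist(x, m) for m in means))))
    var, weights = None, None
    for it in range(iters):
        resp = []  # responsibility of each component for each record
        for x in data:
            if it == 0:
                # First pass: hard-assign to the nearest initial mean (k-means style).
                best = min(range(k), key=lambda j: _sqdist(x, means[j]))
                resp.append([1.0 if j == best else 0.0 for j in range(k)])
            else:
                lp = [math.log(weights[j]) + _log_gauss_diag(x, means[j], var[j])
                      for j in range(k)]
                lse = _logsumexp(lp)
                resp.append([math.exp(v - lse) for v in lp])
        # M-step: re-estimate weights, means and (floored) variances.
        weights, var = [], []
        for j in range(k):
            nj = sum(r[j] for r in resp)
            weights.append(nj / len(data))
            means[j] = [sum(r[j] * x[f] for r, x in zip(resp, data)) / nj for f in range(d)]
            var.append([max(VAR_FLOOR, sum(r[j] * (x[f] - means[j][f]) ** 2
                                           for r, x in zip(resp, data)) / nj)
                        for f in range(d)])
    return weights, means, var


def anomaly_score(model, x):
    """Negative log-likelihood under the mixture: higher = less like training data."""
    weights, means, var = model
    return -_logsumexp([math.log(w) + _log_gauss_diag(x, m, v)
                        for w, m, v in zip(weights, means, var)])


def train_detector(data, margin_nats=5.0):
    """Fit the GMM and place the alarm threshold above the worst normal score."""
    model = fit_gmm(data)
    threshold = max(anomaly_score(model, x) for x in data) + margin_nats
    return model, threshold


def is_anomalous(detector, record):
    model, threshold = detector
    return anomaly_score(model, record) > threshold


if __name__ == "__main__":
    normal = make_normal_data()
    joint = train_detector(normal)
    cyber_only = train_detector(project(normal, CYBER))
    physical_only = train_detector(project(normal, PHYSICAL))
    for name, rec in (("spoofed stop", SPOOFED_STOP), ("hidden leak", HIDDEN_LEAK)):
        print(name, "joint:", is_anomalous(joint, rec),
              "cyber-only:", is_anomalous(cyber_only, project([rec], CYBER)[0]),
              "physical-only:", is_anomalous(physical_only, project([rec], PHYSICAL)[0]))
```

Running the script shows the point the article makes about analysing cyber data in isolation: the spoofed-stop record passes both the cyber-only and the physical-only detectors, because a "stop" command and a full-flow reading are each perfectly ordinary, and is caught only by the model fitted on the fused record. The threshold rule used here (worst training score plus a fixed margin in nats) is deliberately simple; in practice it would be set from a held-out validation set and the false-positive rate the operator can tolerate, and the margin is what keeps ordinary sensor jitter from raising alarms.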

For ControlSoft, this initiative reinforces a strong commitment to cybersecurity leadership in critical infrastructure applications.  It demonstrates to customers and stakeholders that security is not an afterthought, but a core design principle—validated through advanced research and realistic testing.

Ultimately, the water-rig testbed is more than a research tool—it is a strategic enabler of resilient, AI-powered industrial systems, helping safeguard the infrastructure that modern society depends on.

Figure 1: Water Rig Test Bed, Electrical Control Panel