Beyond Anomaly Detection: A Systematic Literature Review of Semantic Validation, Consequence Prediction, and Adversarial Robustness in ICS Security Gateways
Published Online: May-August 2026
Pages: 501-513
https://www.doi.org/10.59256/indjcst.20260502056
Abstract
The impact of cyber-physical attacks on industrial control systems (ICS) and SCADA environments has grown significantly over time in their ability to cause both physical harm and digital compromise, as evidenced by Stuxnet-type attacks. Studies have indicated that nearly 87% of attacks against ICS use valid protocol commands rather than malformed traffic. Traditional methods used to protect ICS include firewalls, machine learning-based anomaly detection, and protocol-aware gateways; however, these methods operate solely at the syntactic/network layer and therefore fail to differentiate between protocol-compliant commands that do not induce physical consequences and protocol-compliant commands that can induce catastrophic process states. This literature review systematically examines 44 peer-reviewed articles published between 2010 and 2025, following a PRISMA guideline-based approach, across five categories: rule-based/physics-aware validation, machine learning anomaly detection, ICS security gateways, digital twin approaches, and adversarial testing frameworks. The analysis indicates three critical gaps in systems currently used in ICS/SCADA environments: only 4.5 percent (two out of forty-four) of the analyzed articles provided open-source implementations; adversarial self-testing capabilities were absent across all surveyed gateway architectures; and automated consequence prediction for blocked/permitted actions was lacking in 90% (forty-two out of forty-four) of all systems examined. The results indicate that an unaddressed design space exists in physics-aware real-time validation augmented with integrated consequence quantification and adversarial self-testing, an area no system currently addresses.