Secure and Resilient Engineering Software in Critical Infrastructure: Cyber-Physical Threats and Risk Mitigation Strategies

Abstract

As cyber-physical systems become increasingly prevalent in critical infrastructure (e.g., the power grid, water facilities, transportation networks and industrial control systems), so does the requirement for secure and resilient engineering software. While digital transformation is accelerated through IoT, AI-driven automation and cloud enablement of supervisory control, these connected systems are vulnerable to attack – and nations face greater risks than ever before – from data breaches, malware attacks or disruption to operational processes. In this paper, we discuss the architecture, threat model and mitigation techniques when designing software for critical infrastructure. It also examines which software design and system integration gaps are used by cyber-physical threats. The focus is on robust security systems that incorporate secure coding, zero-trust severity, real anomaly detection and recovery procedures. By synthesizing recently published empirical studies (2020–2025), this study identifies best practices and technological interventions—e.g. digital twins, AI-based threat modelling, and blockchain for data integrity—that contribute to software resilience.