🤖 AI Summary
Problem: Industrial Control Systems (ICS) in critical infrastructure, railway systems in particular, face new cyber threats arising from IT/OT convergence, yet the lack of high-fidelity, empirically grounded datasets that reflect real-world attack characteristics hampers both detection-model development and threat analysis. Method: Using a railway-specific cyber range, the authors design and execute two attack campaigns that blend contemporary adversary tactics with patterns observed in historical ICS incidents, capturing multi-source, structured evidence across the full cyber kill chain. Contribution/Results: The resulting railway-oriented ICS attack dataset, comprising network flows, OT device logs and behavioral telemetry collected from an integrated IT/OT environment, addresses the gap in high-fidelity empirical ICS data and is intended to support more accurate attack detection and timelier security response.
📝 Abstract
The prevalence of cyberattacks on Industrial Control Systems (ICS) has highlighted the need for robust security measures and incident response to protect critical infrastructure. This is especially prominent as Operational Technology (OT) systems undergo digital transformation by integrating with Information Technology (IT) systems to improve operational efficiency, adaptability, and safety. To help analysts stay abreast of emerging attack patterns, ICS datasets are needed that contain indicators representative of contemporary cyber threats. To address this, we conduct two ICS cyberattack simulations that showcase the impact of current ICS attack techniques on a railway cyber range modelled on real railway infrastructure. Each attack scenario is designed to blend current attack trends with attack patterns observed in historical ICS incidents. The resulting evidence is collected as datasets that serve as a resource for cyberattack analysis. These datasets capture key indicators relevant to the current threat landscape, improving the ability of security systems and analysts to protect against ICS cyber threats.