This work addresses the vulnerability of industrial control systems (ICS) employing current AI-based defenses against stealthy, strategic cyberattacks. We propose a novel attack methodology grounded in multi-agent deep reinforcement learning (DRL), which orchestrates strategic wear-and-tear attacks to degrade product quality and reduce actuator lifespan—all while evading detection by existing AI-driven security mechanisms. To the best of our knowledge, this is the first study to leverage multi-agent DRL for crafting covert attack strategies capable of bypassing AI defenses, thereby exposing critical security weaknesses in AI-protected infrastructure. The efficacy and stealthiness of the proposed approach are validated through experiments in an industrial-scale water treatment simulation environment. To facilitate reproducibility and further research, we publicly release the implementation code and experimental data.

This paper explores a new cyber-attack vector targeting Industrial Control Systems (ICS), particularly focusing on water treatment facilities. Developing a new multi-agent Deep Reinforcement Learning (DRL) approach, adversaries craft stealthy, strategically timed, wear-out attacks designed to subtly degrade product quality and reduce the lifespan of field actuators. This sophisticated method leverages DRL methodology not only to execute precise and detrimental impacts on targeted infrastructure but also to evade detection by contemporary AI-driven defence systems. By developing and implementing tailored policies, the attackers ensure their hostile actions blend seamlessly with normal operational patterns, circumventing integrated security measures. Our research reveals the robustness of this attack strategy, shedding light on the potential for DRL models to be manipulated for adversarial purposes. Our research has been validated through testing and analysis in an industry-level setup. For reproducibility and further study, all related materials, including datasets and documentation, are publicly accessible.