Cui, H.; Hong, J.; Louden, R. Security of Programmable Logic Controllers in Industrial Control Systems. Encyclopedia. Available online: https://encyclopedia.pub/entry/56683 (accessed on 16 June 2024).
Peer Reviewed
Security of Programmable Logic Controllers in Industrial Control Systems

A key component of industrial control systems (ICSs) is the Programmable Logic Controller (PLC). However, with the development of the Internet of Things (IoT), PLCs have become exposed to an increasing number of attacks, which may cause malfunctions of the whole ICS. Thus, it is necessary to identify potential attacks on PLCs and propose effective solutions to mitigate them. Unfortunately, to date, there have not been significant efforts made to provide a detailed overview of existing works on PLC security. With such a concern in mind, in this paper, we focus on summarising PLC security from different components running at different layers of a PLC architecture. We first review the framework of PLCs; then, we discuss several models when considering PLC security. After that, we provide an overview of existing attacks on PLCs and general solutions to those issues from different perspectives. Lastly, we conclude this paper with an overview of future research areas in PLC security.

automation information control systems programmable logic controllers security critical infrastructure

1. Introduction

In recent decades, Industrial Control Systems (ICSs) have been widely deployed to control and monitor operations of critical infrastructures, including transportation, power grids, and water treatment units [1][2]. Due to the trend of connecting ICSs to the Internet, the security of ICSs has received significant attention. It has been estimated that the global ICS market will grow to $23.5 billion by 2026 [3]. While ICSs are transformed by smart Internet of Things (IoT) devices with increasing usability, efficiency, and productivity, these devices also significantly impact ICS security [4][5].
Programmable Logic Controllers (PLCs), along with sensors and actuators, are key components of ICSs, as ICSs are monitored and operated via PLCs. Traditionally, it is believed that PLCs are isolated from outside network connections, and thus, PLCs should not be infected by computer viruses. However, several incidents indicate that PLCs are at significant risk despite being separated from the core network. For example, a former employee hacked the Queensland computerized waste management system in 2000, which caused a large amount of sewage to be dumped into different areas of the city [6]. A malfunction caused by worms inside computers was detected in monitoring systems in the Ohio Davis-Besse nuclear plant in 2003 [7]. Nevertheless, these earlier incidents did not raise the scientific community’s interest. It was not until recent years that security concerns in PLC-based automated systems started to attract public attention. In 2010, the Stuxnet virus was discovered in Iran’s nuclear facilities [8]. After that, PLC producers and users began to identify vulnerabilities and explore countermeasures to these threats. In the past decade, a large number of papers have focused either on potential attacks that can be launched against PLC-related systems or on different prevention mechanisms to mitigate various security issues in PLC-based systems. However, there has been little effort devoted to providing a complete overview covering all aspects of PLC security. In this paper, our focus is on providing an overview of existing security issues in PLCs and relevant techniques that can be applied to mitigate or prevent those potential attacks.

1.1. Related Works

Several papers have presented summaries of PLC vulnerabilities and countermeasures. Basnight et al. [9] discussed the vulnerability of PLCs in terms of intentional firmware modifications to understand the feasibility of firmware modification attacks caused by threats in PLC firmware. Sandaruwan, Ranaweera, and Oleshchuk [10] presented several PLC vulnerabilities via various types of attack vectors affecting the critical infrastructure. Wardak, Zhioua, and Almulhem [11] conducted an investigation into PLC access control problems, especially with regard to password-based access control. Ghaleb, Zhioua, and Almulhem [12] provided a security analysis of network communications between PLCs and the stations responsible for their setup and configuration. Serhane et al. [13] provided suggestions on policies, recommendations, and countermeasures to secure PLC-based systems. Wu et al. [14] summarized PLC security from perspectives including firmware security, operation security, and program security. Pan, Wang, and Sun [15] reviewed PLC security in terms of code security, firmware security, network attack, and MODBUS protocol security, as well as certain protection mechanisms.
The contributions of this paper differ from those of existing review papers about PLCs in several aspects. Firstly, the majority of previous survey papers focus only on one issue in PLC-based systems rather than providing a complete picture of all problem types. Secondly, some survey papers which provide an overview of PLC security from different aspects fail to cover relevant papers discussing those specific issues. Thirdly, existing survey papers do not include threat models of PLC security. Considering the incompleteness of existing overviews of PLC security, in this paper, our focus is on summarizing the security of PLCs from a wider perspective to cover all aspects related to PLCs.

1.2. Organization

This paper’s remaining sections are organized as follows. In Section 2, we briefly describe an overview of PLC architecture. In Section 3, we discuss different threat models of PLC security. In Section 4, we summarize different types of attacks on PLCs. In Section 5, we present several techniques to mitigate PLC threats. In Section 6, we predict future research areas in PLC security. Lastly, this paper is concluded in Section 7.

References

  1. Algburi, R.; Gao, H.; Al-Huda, Z. Design and implementation fuzzy-PLC temperature controller for the cooling tower to reduce dust emission in cement plant. In Proceedings of the World Scientific Proceedings Series on Computer Engineering and Information Science Developments of Artificial Intelligence Technologies in Computation and Robotics, WSPC, Cologne, Germany, 18–21 August 2020; pp. 1270–1279.
  2. Bytes, A.; Zhou, J. Post-exploitation and Persistence Techniques Against Programmable Logic Controller. In Lecture Notes in Computer Science, Proceedings of the Applied Cryptography and Network Security Workshops—ACNS 2020 Satellite Workshops, AIBlock, AIHWS, AIoTS, Cloud S&P, SCI, SecMT, and SiMLA, Rome, Italy, 19–22 October 2020; Zhou, J., Conti, M., Ahmed, C.M., Au, M.H., Batina, L., Li, Z., Lin, J., Losiouk, E., Luo, B., Majumdar, S., et al., Eds.; Springer: Cham, Switzerland, 2020; Volume 12418, pp. 255–273.
  3. MarketsANDMarkets-Industrial Control Systems Security Market. Industrial Control Systems (ICS) Security Market by Component (Solution and Services), Solution, Security type (Network Security, Endpoint Security, Application Security, Database security), Vertical, and Region—Global Forecast to 2026. Available online: https://www.marketsandmarkets.com/Market-Reports/industrial-control-systems-security-ics-market-1273.html (accessed on 16 October 2023).
  4. Chen, T.; Chen, S.; Tang, W.; Chen, B. Internet of Things: Development Intelligent Programmable IoT Controller for Emerging Industry Applications. Sensors 2022, 22, 5138.
  5. Gaspar, F.J.F.; González, I.; Calderón, A.J. Data acquisition and monitoring system framed in Industrial Internet of Things for PEM hydrogen generators. Internet Things 2023, 22, 100795.
  6. Smith, T. Hacker Jailed for Revenge Sewage Attacks. 2001. Available online: https://www.theregister.com/2001/10/31/hacker_jailed_for_revenge_sewage/ (accessed on 31 July 2023).
  7. Johnson, R.E., III. Survey of SCADA security challenges and potential attack vectors. In Proceedings of the 5th International Conference for Internet Technology and Secured Transactions, ICITST 2010, London, UK, 8–10 November 2010; pp. 1–5.
  8. Falliere, N.; Murchu, L.O.; Chien, E. W32.Stuxnet Dossier. 2010. Available online: https://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf (accessed on 12 September 2023).
  9. Basnight, Z.; Butts, J.; Lopez, J., Jr.; Dubé, T. Firmware modification attacks on programmable logic controllers. Int. J. Crit. Infrastruct. Prot. 2013, 6, 76–84.
  10. Sandaruwan, G.P.H.; Ranaweera, P.S.; Oleshchuk, V.A. PLC security and critical infrastructure protection. In Proceedings of the 2013 IEEE 8th International Conference on Industrial and Information Systems, Peradeniya, Sri Lanka, 17–20 December 2013; pp. 81–85.
  11. Wardak, H.; Zhioua, S.; Almulhem, A. PLC access control: A security analysis. In Proceedings of the 2016 World Congress on Industrial Control Systems Security, WCICSS, London, UK, 12–14 December 2016; pp. 56–61.
  12. Ghaleb, A.; Zhioua, S.; Almulhem, A. On PLC network security. Int. J. Crit. Infrastruct. Prot. 2018, 22, 62–69.
  13. Serhane, A.; Raad, M.; Raad, R.; Susilo, W. Programmable logic controllers based systems (PLC-BS): Vulnerabilities and threats. SN Appl. Sci. 2019, 1, 1.
  14. Wu, H.; Geng, Y.; Liu, K.; Liu, W. Research on Programmable Logic Controller Security. IOP Conf. Ser. Mater. Sci. Eng. 2019, 569, 042031.
  15. Pan, X.; Wang, Z.; Sun, Y. Review of PLC Security Issues in Industrial Control System. J. Cyber Secur. 2020, 2, 59–68.
Online Date: 04 Jun 2024