An Overview of the Security of Programmable: Comparison
Please note this is a comparison between Version 1 by Hui Cui and Version 2 by Camila Xu.

Programmable Logic Controllers (PLCs) play a key role in industrial control systems (ICSs). However, with the development of the Internet of Things (IoT), PLCs have become exposed to an increasing number of attacks, which may cause malfunctions of the whole ICS. Thus, it is necessary to identify potential attacks on PLCs and propose effective solutions to mitigate them. Unfortunately, to date, there have not been significant efforts made to provide a detailed overview of existing works on PLC security. With such a concern in mind, in this paper, we focus on summarising PLC security from the different components running at different layers of a PLC architecture. We first review the framework of PLCs; then, we discuss several threat models to consider when studying PLC security. After that, we provide an overview of existing attacks on PLCs and general solutions to those issues from different perspectives. Lastly, we conclude this paper with an overview of future research areas in PLC security.

  • automation
  • information control systems
  • programmable logic controllers
  • security
  • critical infrastructure

1. Introduction

In recent decades, Industrial Control Systems (ICSs) have been widely deployed to control and monitor the operation of critical infrastructures, including transportation, power grids, and water treatment units [1,2]. With the trend of connecting ICSs to the Internet, the security of ICSs has received significant attention. It has been estimated that the global ICS market will grow to $23.5 billion by 2026 [3]. While ICSs are transformed by smart Internet of Things (IoT) devices with increasing usability, efficiency, and productivity, those IoT devices also significantly impact ICS security [4,5].
Programmable Logic Controllers (PLCs), along with sensors and actuators, are key components of ICSs, as ICSs are monitored and operated via PLCs. Traditionally, PLCs were believed to be isolated from outside network connections and thus not exposed to infection by computer viruses. However, several incidents indicate that PLCs are at significant risk despite being separated from the core network. For example, a former employee hacked the Queensland computerized waste management system in 2000, which caused a large amount of sewage to be dumped into different areas of the city [6]. A malfunction caused by worms inside computers was detected in monitoring systems at the Ohio Davis-Besse nuclear plant in 2003 [7]. Nevertheless, these earlier incidents did not raise the scientific community’s interest. It was not until recent years that security concerns in PLC-based automated systems started to attract public attention. In 2010, the Stuxnet virus was discovered in Iran’s nuclear facilities [8]. After that, PLC producers and users began to identify vulnerabilities and explore countermeasures to these threats. In the past decade, a large number of papers have focused either on potential attacks that can be launched against PLC-related systems or on prevention mechanisms to mitigate various security issues in PLC-based systems. However, little effort has been devoted to providing a complete overview covering all aspects of PLC security. In this paper, our focus is on providing an overview of existing security issues in PLCs and the relevant techniques that can be applied to mitigate or prevent those potential attacks.

1.1. Related Works

There have been several papers focused on presenting a summary of PLC vulnerabilities and countermeasures. Basnight et al. [9] discussed the vulnerability of PLCs in terms of intentional firmware modifications to understand the feasibility of firmware modification attacks caused by threats in PLC firmware. Sandaruwan, Ranaweera, and Oleshchuk [10] presented several PLC vulnerabilities via various types of attack vectors affecting the critical infrastructure. Wardak, Zhioua, and Almulhem [11] conducted an investigation into PLC access control problems, especially with regard to the password-based access control. Ghaleb, Zhioua, and Almulhem [12] provided a security analysis over network communications between stations responsible for setup and configuration and PLCs. Serhane et al. [13] provided suggestions on policies, recommendations, and countermeasures to secure PLC-based systems. Wu et al. [14] summarized PLC security from perspectives including firmware security, operation security, and program security. Pan, Wang, and Sun [15] reviewed PLC security in terms of code security, firmware security, network attack, and MODBUS protocol security, as well as certain protection mechanisms.
The contributions of this paper differ from those of other existing review papers about PLCs in several aspects. Firstly, the majority of previous survey papers focus only on one issue in PLC-based systems rather than providing a complete picture of all problem types. Secondly, some survey papers that provide an overview of PLC security from different aspects fail to cover the relevant papers discussing those specific issues. Thirdly, existing survey papers do not include threat models of PLC security. Considering the incompleteness of existing overviews of PLC security, in this paper, our focus is on summarizing the security of PLCs from a wider perspective that covers all aspects related to PLCs.

1.2. Organization

This paper’s remaining sections are organized as follows. In Section 2, we briefly describe an overview of PLC architecture. In Section 3, we discuss different threat models of PLC security. In Section 4, we summarize different types of attacks on PLCs. In Section 5, we present several techniques to mitigate PLC threats. In Section 6, we predict future research areas in PLC security. Lastly, this paper is concluded in Section 7.