Security of Programmable Logic Controllers and Related Systems: Today and Tomorrow

IF 5.2 Q1 ENGINEERING, ELECTRICAL & ELECTRONIC

IEEE Open Journal of the Industrial Electronics Society Pub Date : 2023-11-23 DOI:10.1109/OJIES.2023.3335976

Wael Alsabbagh;Peter Langendörfer

{"title":"Security of Programmable Logic Controllers and Related Systems: Today and Tomorrow","authors":"Wael Alsabbagh;Peter Langendörfer","doi":"10.1109/OJIES.2023.3335976","DOIUrl":null,"url":null,"abstract":"Programmable logic controllers (PLCs) are indispensable in critical infrastructures and industrial control systems. The increasing demand for enhanced cost-effectiveness and production efficiency has driven automation manufacturers to integrate PLC-based applications and systems with external networks, such as Internet. Unfortunately, this connectivity has exposed systems to potential malicious attacks from motivated adversaries. Addressing this pressing issue necessitates a comprehensive summary of ongoing research related to PLCs and their related systems. This summary should classify these systems based on disclosed vulnerabilities, potential threats, and proposed security solutions, catering to both scientists and industrial engineers. While several recent surveys have reviewed and discussed PLC security and related topics, they often fell short of covering all essential aspects comprehensively. Furthermore, prior surveys tended to focus on analyzing vulnerabilities at the system level, overlooking the vulnerabilities specific to PLCs themselves. Consequently, their findings failed to effectively secure current operational systems or propose improved solutions for future PLC designs. In this article, we bridge this research gap by providing a detailed review of all aspects concerning the security of PLCs and related systems. This includes vulnerabilities, potential attacks, and security solutions including digital forensics. We aim to offer a precise analysis, addressing the shortcomings of previous studies. Finally, we conclude this article by presenting our recommendations tailored for PLC manufacturers, researchers, and engineers. We hope that these recommendations will contribute to the development of more secure PLCs in the future.","PeriodicalId":52675,"journal":{"name":"IEEE Open Journal of the Industrial Electronics Society","volume":"4 ","pages":"659-693"},"PeriodicalIF":5.2000,"publicationDate":"2023-11-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10328062","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Open Journal of the Industrial Electronics Society","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10328062/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}

引用次数: 0

Abstract

Programmable logic controllers (PLCs) are indispensable in critical infrastructures and industrial control systems. The increasing demand for enhanced cost-effectiveness and production efficiency has driven automation manufacturers to integrate PLC-based applications and systems with external networks, such as Internet. Unfortunately, this connectivity has exposed systems to potential malicious attacks from motivated adversaries. Addressing this pressing issue necessitates a comprehensive summary of ongoing research related to PLCs and their related systems. This summary should classify these systems based on disclosed vulnerabilities, potential threats, and proposed security solutions, catering to both scientists and industrial engineers. While several recent surveys have reviewed and discussed PLC security and related topics, they often fell short of covering all essential aspects comprehensively. Furthermore, prior surveys tended to focus on analyzing vulnerabilities at the system level, overlooking the vulnerabilities specific to PLCs themselves. Consequently, their findings failed to effectively secure current operational systems or propose improved solutions for future PLC designs. In this article, we bridge this research gap by providing a detailed review of all aspects concerning the security of PLCs and related systems. This includes vulnerabilities, potential attacks, and security solutions including digital forensics. We aim to offer a precise analysis, addressing the shortcomings of previous studies. Finally, we conclude this article by presenting our recommendations tailored for PLC manufacturers, researchers, and engineers. We hope that these recommendations will contribute to the development of more secure PLCs in the future.

查看原文本刊更多论文

可编程逻辑控制器及相关系统的安全性：今天和明天

可编程逻辑控制器(plc)在关键基础设施和工业控制系统中不可或缺。对提高成本效益和生产效率的日益增长的需求促使自动化制造商将基于plc的应用程序和系统与外部网络(如Internet)集成在一起。不幸的是，这种连接使系统暴露于潜在的恶意攻击之下。为了解决这个紧迫的问题，需要对plc及其相关系统的研究进行全面的总结。该摘要应该根据公开的漏洞、潜在威胁和建议的安全解决方案对这些系统进行分类，以满足科学家和工业工程师的需求。虽然最近的一些调查已经审查和讨论了PLC安全性和相关主题，但它们往往不能全面地涵盖所有重要方面。此外，之前的调查往往侧重于分析系统级别的漏洞，而忽略了plc本身特有的漏洞。因此，他们的研究结果未能有效地保护当前的操作系统或为未来的PLC设计提出改进的解决方案。在本文中，我们通过提供有关plc和相关系统安全性的所有方面的详细审查来弥合这一研究差距。这包括漏洞、潜在攻击和包括数字取证在内的安全解决方案。我们的目标是提供一个精确的分析，解决以往研究的缺点。最后，我们通过提出针对PLC制造商、研究人员和工程师的建议来结束本文。我们希望这些建议将有助于在未来开发更安全的plc。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Open Journal of the Industrial Electronics Society ENGINEERING, ELECTRICAL & ELECTRONIC-

CiteScore

10.80

自引率

2.40%

发文量

审稿时长

12 weeks

期刊介绍： The IEEE Open Journal of the Industrial Electronics Society is dedicated to advancing information-intensive, knowledge-based automation, and digitalization, aiming to enhance various industrial and infrastructural ecosystems including energy, mobility, health, and home/building infrastructure. Encompassing a range of techniques leveraging data and information acquisition, analysis, manipulation, and distribution, the journal strives to achieve greater flexibility, efficiency, effectiveness, reliability, and security within digitalized and networked environments. Our scope provides a platform for discourse and dissemination of the latest developments in numerous research and innovation areas. These include electrical components and systems, smart grids, industrial cyber-physical systems, motion control, robotics and mechatronics, sensors and actuators, factory and building communication and automation, industrial digitalization, flexible and reconfigurable manufacturing, assistant systems, industrial applications of artificial intelligence and data science, as well as the implementation of machine learning, artificial neural networks, and fuzzy logic. Additionally, we explore human factors in digitalized and networked ecosystems. Join us in exploring and shaping the future of industrial electronics and digitalization.