A systematic literature review on past attack analysis on industrial control systems

Abstract

Industrial control systems are used to automate the monitoring and control of physical processes in large-scale industries and critical infrastructure such as power plants, chemical treatment plants, manufacturing, and assembly line processes. Securing industrial control systems is important for the uninterrupted operation of these infrastructures, which are highly interconnected and becoming the prime target of attackers because disrupting these systems can have significant economic and safety implications and consequences such as power outages, environmental disasters, production shutdowns, or even physical harm. The past review works have discussed industrial control systems attacks, their impact, and exploited vulnerabilities separately and lack comprehension. In this work, an attempt has been made to understand the comprehensive picture of vulnerabilities, attacks, and their impact on industrial control systems. Past reviews published between 2014 and 2023 have been studied following a systematic literature review process, and a taxonomy and categorization of past attacks and defense mechanisms have been proposed and classified minutely for readers' interest. Vulnerabilities at the architecture, hardware, software, and communication network level have also been studied and presented. A deep understanding of past attacks, their impact, and identified potential causes is among the major contributions of this review. The results will enable researchers working in academics and industry to make effective decisions on safeguarding the industrial control systems against future attacks.