IEEE Open Journal of the Industrial Electronics Society (Jan 2023)
Security of Programmable Logic Controllers and Related Systems: Today and Tomorrow
Abstract
Programmable logic controllers (PLCs) are indispensable in critical infrastructures and industrial control systems. The increasing demand for enhanced cost-effectiveness and production efficiency has driven automation manufacturers to integrate PLC-based applications and systems with external networks, such as Internet. Unfortunately, this connectivity has exposed systems to potential malicious attacks from motivated adversaries. Addressing this pressing issue necessitates a comprehensive summary of ongoing research related to PLCs and their related systems. This summary should classify these systems based on disclosed vulnerabilities, potential threats, and proposed security solutions, catering to both scientists and industrial engineers. While several recent surveys have reviewed and discussed PLC security and related topics, they often fell short of covering all essential aspects comprehensively. Furthermore, prior surveys tended to focus on analyzing vulnerabilities at the system level, overlooking the vulnerabilities specific to PLCs themselves. Consequently, their findings failed to effectively secure current operational systems or propose improved solutions for future PLC designs. In this article, we bridge this research gap by providing a detailed review of all aspects concerning the security of PLCs and related systems. This includes vulnerabilities, potential attacks, and security solutions including digital forensics. We aim to offer a precise analysis, addressing the shortcomings of previous studies. Finally, we conclude this article by presenting our recommendations tailored for PLC manufacturers, researchers, and engineers. We hope that these recommendations will contribute to the development of more secure PLCs in the future.
Keywords