Security of Programmable Logic Controllers and Related Systems: Today and Tomorrow

IF 5.2 Q1 ENGINEERING, ELECTRICAL & ELECTRONIC IEEE Open Journal of the Industrial Electronics Society Pub Date : 2023-11-23 DOI:10.1109/OJIES.2023.3335976
Wael Alsabbagh;Peter Langendörfer
{"title":"Security of Programmable Logic Controllers and Related Systems: Today and Tomorrow","authors":"Wael Alsabbagh;Peter Langendörfer","doi":"10.1109/OJIES.2023.3335976","DOIUrl":null,"url":null,"abstract":"Programmable logic controllers (PLCs) are indispensable in critical infrastructures and industrial control systems. The increasing demand for enhanced cost-effectiveness and production efficiency has driven automation manufacturers to integrate PLC-based applications and systems with external networks, such as Internet. Unfortunately, this connectivity has exposed systems to potential malicious attacks from motivated adversaries. Addressing this pressing issue necessitates a comprehensive summary of ongoing research related to PLCs and their related systems. This summary should classify these systems based on disclosed vulnerabilities, potential threats, and proposed security solutions, catering to both scientists and industrial engineers. While several recent surveys have reviewed and discussed PLC security and related topics, they often fell short of covering all essential aspects comprehensively. Furthermore, prior surveys tended to focus on analyzing vulnerabilities at the system level, overlooking the vulnerabilities specific to PLCs themselves. Consequently, their findings failed to effectively secure current operational systems or propose improved solutions for future PLC designs. In this article, we bridge this research gap by providing a detailed review of all aspects concerning the security of PLCs and related systems. This includes vulnerabilities, potential attacks, and security solutions including digital forensics. We aim to offer a precise analysis, addressing the shortcomings of previous studies. Finally, we conclude this article by presenting our recommendations tailored for PLC manufacturers, researchers, and engineers. We hope that these recommendations will contribute to the development of more secure PLCs in the future.","PeriodicalId":52675,"journal":{"name":"IEEE Open Journal of the Industrial Electronics Society","volume":"4 ","pages":"659-693"},"PeriodicalIF":5.2000,"publicationDate":"2023-11-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10328062","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Open Journal of the Industrial Electronics Society","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10328062/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
引用次数: 0

Abstract

Programmable logic controllers (PLCs) are indispensable in critical infrastructures and industrial control systems. The increasing demand for enhanced cost-effectiveness and production efficiency has driven automation manufacturers to integrate PLC-based applications and systems with external networks, such as Internet. Unfortunately, this connectivity has exposed systems to potential malicious attacks from motivated adversaries. Addressing this pressing issue necessitates a comprehensive summary of ongoing research related to PLCs and their related systems. This summary should classify these systems based on disclosed vulnerabilities, potential threats, and proposed security solutions, catering to both scientists and industrial engineers. While several recent surveys have reviewed and discussed PLC security and related topics, they often fell short of covering all essential aspects comprehensively. Furthermore, prior surveys tended to focus on analyzing vulnerabilities at the system level, overlooking the vulnerabilities specific to PLCs themselves. Consequently, their findings failed to effectively secure current operational systems or propose improved solutions for future PLC designs. In this article, we bridge this research gap by providing a detailed review of all aspects concerning the security of PLCs and related systems. This includes vulnerabilities, potential attacks, and security solutions including digital forensics. We aim to offer a precise analysis, addressing the shortcomings of previous studies. Finally, we conclude this article by presenting our recommendations tailored for PLC manufacturers, researchers, and engineers. We hope that these recommendations will contribute to the development of more secure PLCs in the future.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
可编程逻辑控制器及相关系统的安全性:今天和明天
可编程逻辑控制器(plc)在关键基础设施和工业控制系统中不可或缺。对提高成本效益和生产效率的日益增长的需求促使自动化制造商将基于plc的应用程序和系统与外部网络(如Internet)集成在一起。不幸的是,这种连接使系统暴露于潜在的恶意攻击之下。为了解决这个紧迫的问题,需要对plc及其相关系统的研究进行全面的总结。该摘要应该根据公开的漏洞、潜在威胁和建议的安全解决方案对这些系统进行分类,以满足科学家和工业工程师的需求。虽然最近的一些调查已经审查和讨论了PLC安全性和相关主题,但它们往往不能全面地涵盖所有重要方面。此外,之前的调查往往侧重于分析系统级别的漏洞,而忽略了plc本身特有的漏洞。因此,他们的研究结果未能有效地保护当前的操作系统或为未来的PLC设计提出改进的解决方案。在本文中,我们通过提供有关plc和相关系统安全性的所有方面的详细审查来弥合这一研究差距。这包括漏洞、潜在攻击和包括数字取证在内的安全解决方案。我们的目标是提供一个精确的分析,解决以往研究的缺点。最后,我们通过提出针对PLC制造商、研究人员和工程师的建议来结束本文。我们希望这些建议将有助于在未来开发更安全的plc。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
IEEE Open Journal of the Industrial Electronics Society
IEEE Open Journal of the Industrial Electronics Society ENGINEERING, ELECTRICAL & ELECTRONIC-
CiteScore
10.80
自引率
2.40%
发文量
33
审稿时长
12 weeks
期刊介绍: The IEEE Open Journal of the Industrial Electronics Society is dedicated to advancing information-intensive, knowledge-based automation, and digitalization, aiming to enhance various industrial and infrastructural ecosystems including energy, mobility, health, and home/building infrastructure. Encompassing a range of techniques leveraging data and information acquisition, analysis, manipulation, and distribution, the journal strives to achieve greater flexibility, efficiency, effectiveness, reliability, and security within digitalized and networked environments. Our scope provides a platform for discourse and dissemination of the latest developments in numerous research and innovation areas. These include electrical components and systems, smart grids, industrial cyber-physical systems, motion control, robotics and mechatronics, sensors and actuators, factory and building communication and automation, industrial digitalization, flexible and reconfigurable manufacturing, assistant systems, industrial applications of artificial intelligence and data science, as well as the implementation of machine learning, artificial neural networks, and fuzzy logic. Additionally, we explore human factors in digitalized and networked ecosystems. Join us in exploring and shaping the future of industrial electronics and digitalization.
期刊最新文献
Short-Term Control of Heat Pumps to Support Power Grid Operation Effects of Grid Voltage and Load Unbalances on the Efficiency of a Hybrid Distribution Transformer Enhanced PI Control Based SHC-PWM Strategy for Active Power Filters A Detailed Study on Algorithms for Predictive Maintenance in Smart Manufacturing: Chip Form Classification Using Edge Machine Learning Design and Evaluation of a Voice-Controlled Elevator System to Improve the Safety and Accessibility
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1