Billions of people rely on essential utility and manufacturing infrastructures such as water treatment plants, energy management, and food production. Our dependence on reliable infrastructures makes them valuable targets for cyberattacks. One of the prime targets for adversaries attacking physical infrastructures are Programmable Logic Controllers (PLCs) because they connect the cyber and physical worlds. In this study, we conduct the first comprehensive systematization of knowledge that explores the security of PLCs: We present an in-depth analysis of PLC attacks and defenses and discover trends in the security of PLCs from the last 17 of research. We introduce a novel threat taxonomy for PLCs and Industrial Control Systems (ICS). Finally, we identify and point out research gaps that, if left ignored, could lead to new catastrophic attacks against critical infrastructures.
History
Editor
Balzarotti D ; Xu W
Primary Research Area
Secure Connected and Mobile Systems
Name of Conference
Usenix Security Symposium (USENIX-Security)
Journal
USENIX Security Symposium
Publisher
USENIX Association
BibTeX
@conference{López-Morales:Planta:Rubio-Medrano:Abbasi:Cárdenas:2024,
title = "SoK: Security of Programmable Logic Controllers.",
author = "López-Morales, Efrén" AND "Planta, Ulysse" AND "Rubio-Medrano, Carlos E" AND "Abbasi, Ali" AND "Cárdenas, Alvaro A",
editor = "Balzarotti, Davide" AND "Xu, Wenyuan",
year = 2024,
month = 1,
journal = "USENIX Security Symposium",
publisher = "USENIX Association"
}