SoK: Security of Programmable Logic Controllers

• URL: http://arxiv.org/abs/2403.00280v1
• Date: Fri, 1 Mar 2024 04:53:41 GMT
• Title: SoK: Security of Programmable Logic Controllers
• Authors: Efrén López-Morales, Ulysse Planta, Carlos Rubio-Medrano, Ali Abbasi, Alvaro A. Cardenas,
• Abstract summary: We conduct the first comprehensive systematization of knowledge that explores the security of PLCs. We introduce a novel threat taxonomy for PLCs and Industrial Control Systems. We identify and point out research gaps that, if left ignored, could lead to new catastrophic attacks against critical infrastructures.
• Score: 2.4833449443424245
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Billions of people rely on essential utility and manufacturing infrastructures such as water treatment plants, energy management, and food production. Our dependence on reliable infrastructures makes them valuable targets for cyberattacks. One of the prime targets for adversaries attacking physical infrastructures are Programmable Logic Controllers (PLCs) because they connect the cyber and physical worlds. In this study, we conduct the first comprehensive systematization of knowledge that explores the security of PLCs: We present an in-depth analysis of PLC attacks and defenses and discover trends in the security of PLCs from the last 17 years of research. We introduce a novel threat taxonomy for PLCs and Industrial Control Systems (ICS). Finally, we identify and point out research gaps that, if left ignored, could lead to new catastrophic attacks against critical infrastructures.

Related papers

• Defining and Evaluating Physical Safety for Large Language Models [62.4971588282174]
  Large Language Models (LLMs) are increasingly used to control robotic systems such as drones. Their risks of causing physical threats and harm in real-world applications remain unexplored. We classify the physical safety risks of drones into four categories: (1) human-targeted threats, (2) object-targeted threats, (3) infrastructure attacks, and (4) regulatory violations.
  arXiv  Detail & Related papers  (2024-11-04T17:41:25Z)
• Assessing Effectiveness of Cyber Essentials Technical Controls [14.373036416154397]
  We reconstruct 45 breaches mapped to MiTRE ATT&CK using an Incident Fault Tree approach. Our method reveals the intersections where the placement of controls could have protected organisations. We identify appropriate Cyber Essential controls and/or Additional Controls for these vulnerable intersections.
  arXiv  Detail & Related papers  (2024-06-21T14:52:36Z)
• Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
  We investigate the security implications of and software-based Open Radio Access Network (RAN) systems. We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
  arXiv  Detail & Related papers  (2024-05-03T07:18:45Z)
• On Practicality of Using ARM TrustZone Trusted Execution Environment for Securing Programmable Logic Controllers [8.953939389578116]
  This paper investigates the application of ARM TrustZone TEE technology for enhancing the security of PLC. Our aim is to evaluate the feasibility and practicality of the TEE-based PLCs through the proof-of-concept design and implementation using open-source software such as OP-TEE and OpenPLC.
  arXiv  Detail & Related papers  (2024-03-08T16:55:20Z)
• Securing the Digital World: Protecting smart infrastructures and digital industries with Artificial Intelligence (AI)-enabled malware and intrusion detection [0.0]
  cybercrime has emerged as a global threat to governments, businesses, and civil societies. This paper investigates AI-based cyber threat detection to protect our modern digital ecosystems.
  arXiv  Detail & Related papers  (2023-10-15T09:35:56Z)
• Vulnerability Assessment of Industrial Control System with an Improved CVSS [3.9596068699962323]
  This study proposes a method to assess the risk of cyberattacks on ICS with an improved Common Vulnerability Scoring System (CVSS) Results show the physical system levels of ICS have the highest severity once cyberattacked.
  arXiv  Detail & Related papers  (2023-06-14T16:48:06Z)
• "Yeah, it does have a...Windows `98 Vibe'': Usability Study of Security Features in Programmable Logic Controllers [19.08543677650948]
  Misconfigurations of Programmable Logic Controllers (PLCs) are often left exposed to the Internet. We explore the usability of PLC connection configurations and two key security mechanisms. We find that the use of unfamiliar labels, layouts and misleading terminology exacerbates an already complex process.
  arXiv  Detail & Related papers  (2022-08-04T07:20:00Z)
• Proceedings of the Artificial Intelligence for Cyber Security (AICS) Workshop at AAAI 2022 [55.573187938617636]
  The workshop will focus on the application of AI to problems in cyber security. Cyber systems generate large volumes of data, utilizing this effectively is beyond human capabilities.
  arXiv  Detail & Related papers  (2022-02-28T18:27:41Z)
• Invisible for both Camera and LiDAR: Security of Multi-Sensor Fusion based Perception in Autonomous Driving Under Physical-World Attacks [62.923992740383966]
  We present the first study of security issues of MSF-based perception in AD systems. We generate a physically-realizable, adversarial 3D-printed object that misleads an AD system to fail in detecting it and thus crash into it. Our results show that the attack achieves over 90% success rate across different object types and MSF.
  arXiv  Detail & Related papers  (2021-06-17T05:11:07Z)
• Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
  arXiv  Detail & Related papers  (2020-10-19T13:09:31Z)
• Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain [58.30296637276011]
  This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques. It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
  arXiv  Detail & Related papers  (2020-07-05T18:22:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.