SoK: Security of Programmable Logic Controllers
- URL: http://arxiv.org/abs/2403.00280v1
- Date: Fri, 1 Mar 2024 04:53:41 GMT
- Title: SoK: Security of Programmable Logic Controllers
- Authors: Efrén López-Morales, Ulysse Planta, Carlos Rubio-Medrano, Ali Abbasi, Alvaro A. Cardenas,
- Abstract summary: We conduct the first comprehensive systematization of knowledge that explores the security of PLCs.
We introduce a novel threat taxonomy for PLCs and Industrial Control Systems.
We identify and point out research gaps that, if left ignored, could lead to new catastrophic attacks against critical infrastructures.
- Score: 2.4833449443424245
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Billions of people rely on essential utility and manufacturing infrastructures such as water treatment plants, energy management, and food production. Our dependence on reliable infrastructures makes them valuable targets for cyberattacks. One of the prime targets for adversaries attacking physical infrastructures are Programmable Logic Controllers (PLCs) because they connect the cyber and physical worlds. In this study, we conduct the first comprehensive systematization of knowledge that explores the security of PLCs: We present an in-depth analysis of PLC attacks and defenses and discover trends in the security of PLCs from the last 17 years of research. We introduce a novel threat taxonomy for PLCs and Industrial Control Systems (ICS). Finally, we identify and point out research gaps that, if left ignored, could lead to new catastrophic attacks against critical infrastructures.
Related papers
- Cyber security of OT networks: A tutorial and overview [1.4361933642658902]
This manuscript explores the cybersecurity challenges of Operational Technology (OT) networks.
OT systems increasingly integrate with Information Technology (IT) systems due to Industry 4.0 initiatives.
The study examines key components of OT systems, such as SCADA (Supervisory Control and Data Acquisition), PLCs (Programmable Logic Controllers), and RTUs (Remote Terminal Units)
arXiv Detail & Related papers (2025-02-19T17:23:42Z) - When Everyday Devices Become Weapons: A Closer Look at the Pager and Walkie-talkie Attacks [1.4257473753494854]
In September 2024, Lebanon experienced a series of unprecedented, coordinated explosions triggered through compromised pagers and walkie-talkies.
This article provides an in-depth investigation into the infamous Pager and Walkie-Talkie attacks, analyzing both technical and non-technical dimensions.
arXiv Detail & Related papers (2025-01-29T04:01:44Z) - Defining and Evaluating Physical Safety for Large Language Models [62.4971588282174]
Large Language Models (LLMs) are increasingly used to control robotic systems such as drones.
Their risks of causing physical threats and harm in real-world applications remain unexplored.
We classify the physical safety risks of drones into four categories: (1) human-targeted threats, (2) object-targeted threats, (3) infrastructure attacks, and (4) regulatory violations.
arXiv Detail & Related papers (2024-11-04T17:41:25Z) - Assessing Effectiveness of Cyber Essentials Technical Controls [14.373036416154397]
We reconstruct 45 breaches mapped to MiTRE ATT&CK using an Incident Fault Tree approach.
Our method reveals the intersections where the placement of controls could have protected organisations.
We identify appropriate Cyber Essential controls and/or Additional Controls for these vulnerable intersections.
arXiv Detail & Related papers (2024-06-21T14:52:36Z) - Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z) - Securing the Digital World: Protecting smart infrastructures and digital
industries with Artificial Intelligence (AI)-enabled malware and intrusion
detection [0.0]
cybercrime has emerged as a global threat to governments, businesses, and civil societies.
This paper investigates AI-based cyber threat detection to protect our modern digital ecosystems.
arXiv Detail & Related papers (2023-10-15T09:35:56Z) - "Yeah, it does have a...Windows `98 Vibe'': Usability Study of Security
Features in Programmable Logic Controllers [19.08543677650948]
Misconfigurations of Programmable Logic Controllers (PLCs) are often left exposed to the Internet.
We explore the usability of PLC connection configurations and two key security mechanisms.
We find that the use of unfamiliar labels, layouts and misleading terminology exacerbates an already complex process.
arXiv Detail & Related papers (2022-08-04T07:20:00Z) - Proceedings of the Artificial Intelligence for Cyber Security (AICS)
Workshop at AAAI 2022 [55.573187938617636]
The workshop will focus on the application of AI to problems in cyber security.
Cyber systems generate large volumes of data, utilizing this effectively is beyond human capabilities.
arXiv Detail & Related papers (2022-02-28T18:27:41Z) - Invisible for both Camera and LiDAR: Security of Multi-Sensor Fusion
based Perception in Autonomous Driving Under Physical-World Attacks [62.923992740383966]
We present the first study of security issues of MSF-based perception in AD systems.
We generate a physically-realizable, adversarial 3D-printed object that misleads an AD system to fail in detecting it and thus crash into it.
Our results show that the attack achieves over 90% success rate across different object types and MSF.
arXiv Detail & Related papers (2021-06-17T05:11:07Z) - Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z) - Adversarial Machine Learning Attacks and Defense Methods in the Cyber
Security Domain [58.30296637276011]
This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques.
It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
arXiv Detail & Related papers (2020-07-05T18:22:40Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.