A Taxonomy of Vulnerabilities, Attacks, and Security Solutions in Industrial PLCs

  • Chapter
CyberSecurity in a DevOps Environment

Abstract

In recent years, industrial control systems have been extensively utilized across critical industries, encompassing manufacturing, automation, and power plants. The widespread implementation of these systems within vital infrastructures has escalated the imperative of ensuring their security. This chapter aims to provide a valuable contribution in the form of a taxonomy and a mapping study that addresses security vulnerabilities present in industrial PLC software. The research contains an in-depth analysis of security vulnerabilities, the corresponding exploitative attacks, and the proposed solutions. The primary objective of this chapter is to establish a comprehensive taxonomy that effectively identifies and classifies vulnerabilities, attacks, and solutions pertinent to security in industrial PLCs. Notably, the proposed taxonomy is further demonstrated within the entire DevOps continuum, spanning from the initial design phase to the operational aspect of PLC systems. The outcomes of this research endeavor hold substantial potential in assisting both researchers and practitioners involved in mitigating security vulnerabilities and combatting attacks targeting industrial PLCs.

Acknowledgements

This work has received funding from H2020 under grant agreement No. 737494, from Vinnova through the SmartDelta project and from KKS through the ACICS project. This work was partially supported by the Austrian Science Fund (FWF): I 4701-N.

Corresponding author

Correspondence to Eduard Paul Enoiu.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Cite this chapter

Enoiu, E.P., Biçoku, K., Seceleanu, C., Felderer, M. (2024). A Taxonomy of Vulnerabilities, Attacks, and Security Solutions in Industrial PLCs. In: Sadovykh, A., Truscan, D., Mallouli, W., Cavalli, A.R., Seceleanu, C., Bagnato, A. (eds) CyberSecurity in a DevOps Environment. Springer, Cham. https://doi.org/10.1007/978-3-031-42212-6_1

  • DOI: https://doi.org/10.1007/978-3-031-42212-6_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-42211-9

  • Online ISBN: 978-3-031-42212-6

  • eBook Packages: Computer Science, Computer Science (R0)
