SoK: Security of Programmable Logic Controllers

TL;DR

This paper systematically reviews the security landscape of Programmable Logic Controllers (PLCs), analyzing attacks, defenses, and trends over 17 years, and introduces a new threat taxonomy to guide future research and protect critical infrastructures.

Contribution

It provides the first comprehensive systematization of PLC security, including a novel threat taxonomy and identification of research gaps in the field.

Findings

Trends in PLC security over 17 years

A new threat taxonomy for PLCs and ICS

Identification of critical research gaps

Abstract

Billions of people rely on essential utility and manufacturing infrastructures such as water treatment plants, energy management, and food production. Our dependence on reliable infrastructures makes them valuable targets for cyberattacks. One of the prime targets for adversaries attacking physical infrastructures are Programmable Logic Controllers (PLCs) because they connect the cyber and physical worlds. In this study, we conduct the first comprehensive systematization of knowledge that explores the security of PLCs: We present an in-depth analysis of PLC attacks and defenses and discover trends in the security of PLCs from the last 17 years of research. We introduce a novel threat taxonomy for PLCs and Industrial Control Systems (ICS). Finally, we identify and point out research gaps that, if left ignored, could lead to new catastrophic attacks against critical infrastructures.