Efrén López-Morales, Texas A&M University-Corpus Christi; Ulysse Planta, CISPA Helmholtz Center for Information Security; Carlos Rubio-Medrano, Texas A&M University-Corpus Christi; Ali Abbasi, CISPA Helmholtz Center for Information Security; Alvaro A. Cardenas, University of California, Santa Cruz
Billions of people rely on essential utility and manufacturing infrastructures such as water treatment plants, energy management, and food production. Our dependence on reliable infrastructures makes them valuable targets for cyberattacks. One of the prime targets for adversaries attacking physical infrastructures are Programmable Logic Controllers (PLCs) because they connect the cyber and physical worlds. In this study, we conduct the first comprehensive systematization of knowledge that explores the security of PLCs: We present an in-depth analysis of PLC attacks and defenses and discover trends in the security of PLCs from the last 17 of research. We introduce a novel threat taxonomy for PLCs and Industrial Control Systems (ICS). Finally, we identify and point out research gaps that, if left ignored, could lead to new catastrophic attacks against critical infrastructures.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Efr{\'e}n L{\'o}pez-Morales and Ulysse Planta and Carlos Rubio-Medrano and Ali Abbasi and Alvaro A. Cardenas},
title = {{SoK}: Security of Programmable Logic Controllers},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {7103--7122},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/lopez-morales},
publisher = {USENIX Association},
month = aug
}