Industrial PLC security issues

In this paper we have shown that PLC devices are complex embedded systems that often rely on an operating system. They are plagued by the same sorts of vulnerabilities and exploits as general-purpose operating systems. In fact, the number of latent vulnerabilities in the typical microprocessor-based device can be surprisingly high. However, we don't need bugs or vulnerabilities in order to attack the PLC. We can exploit its normal operation, provided we have some access to the device. It is suggested that one of the effective ways to avoid expensive business losses or production disruption due to misuse of the PLC is to start protecting the system with defence-in-depth measures.