论文信息 - PLC security and critical infrastructure protection

PLC security and critical infrastructure protection

Programmable Logic Controllers (PLCs) are the most important components embedded in Industrial Control Systems (ICSs). ICSs have achieved highest standards in terms of efficiency and performance. As a result of that, higher portion of infrastructure in industries has been automated for the comfort of human beings. Therefore, protection of such systems is crucial. It is important to investigate the vulnerabilities of ICSs in order to solve the threats and attacks against critical infrastructure to protect human lives and assets. PLC is the basic building block of an ICS. If PLCs are exploited, overall system will be exposed to the threat. Many believed that PLCs are secured devices due to its isolation from the external networks of the system. The attacks such as Stuxnet have proven the incorrectness of such thoughts. In this paper we have revealed the vulnerabilities of PLCs through a variety of attack vectors which could affect the related critical infrastructure. Furthermore, we have proposed solutions for such weaknesses in PLC based systems.

Vladimir A. Oleshchuk | G. P. H. Sandaruwan | P. S. Ranaweera | V. Oleshchuk | Pasika Ranaweera

[1] Sandip C. Patel,et al. Security enhancement for SCADA communication protocols using augmented vulnerability trees , 2006, CAINE.

[2] Daniel P. W. Ellis,et al. Worm anatomy and model , 2003, WORM '03.

[3] Rahat Masood,et al. SWAM: Stuxnet Worm Analysis in Metasploit , 2011, 2011 Frontiers of Information Technology.

[4] E. J. Byres,et al. On shaky ground - A study of security vulnerabilities in control protocols , 2006 .

[5] Stephen E. McLaughlin. On Dynamic Malware Payloads Aimed at Programmable Logic Controllers , 2011, HotSec.

[6] Felix C. Freiling,et al. Toward Automated Dynamic Malware Analysis Using CWSandbox , 2007, IEEE Secur. Priv..

[7] Igor Nai Fovino,et al. An experimental investigation of malware attacks on SCADA systems , 2009, Int. J. Crit. Infrastructure Prot..

[8] David M. Nicol,et al. Simulating realistic network worm traffic for worm warning system design and testing , 2003, WORM '03.

[9] Robert E. Johnson,et al. Survey of SCADA security challenges and potential attack vectors , 2010, 2010 International Conference for Internet Technology and Secured Transactions.

[10] S. Shankar Sastry,et al. Research Challenges for the Security of Control Systems , 2008, HotSec.

[11] A.A. Creery,et al. Industrial cybersecurity for a power system and SCADA networks - Be secure , 2007, IEEE Industry Applications Magazine.