Exploiting and securing programmable logic controllers

Millions of people rely on vital utility infrastructure such as oil pipelines and water treatment plants. This makes them valuable targets for cyberattacks, and the security of the systems that manage this infrastructure, otherwise known as Industrial Control Systems (ICS), becomes ever more important. ICS are comprised of multiple control components, e.g., electrical, that work together to achieve an industrial goal, e.g., energy, transportation. One crucial component of ICS are Programmable Logic Controllers or PLCs. What makes PLCs a prime target for cyberattacks is their unique capacity to bridge the cyber and physical worlds. In 2021 a cyberattack that targeted the Colonial Pipeline ICS caused fuel shortages across several US states. Thus, it is worth asking: What are the attacks that adversaries can leverage to exploit PLCs? What are the available fortifications that can be used to ensure PLCs remain secure? In this research project, we conduct the first wide-scale systematization of knowledge that categorizes both cyber-attacks and defense- focused approaches for PLCs. Our methodology considers criteria such as attack complexity and defense effectiveness and considers an updated model of the attack surfaces of the PLC. We apply our methodology to several research papers from the past 20 years with the aim to discover trends and patterns. Preliminary results show that there are important research gaps. For example, we found that there are far more attack methods than defense methods. This leaves many attacks unchallenged. Properly identifying and addressing these research gaps may lead to new defense methods for previously unknown vulnerabilities, thus ultimately preventing the occurrence of future cyberattacks affecting vital infrastructure.