SSTAF: Security Settings-Based Threat Assessment Framework of Programmable Logic Controllers

Bibliographic details
Published in: IEEE transactions on information forensics and security Vol. 20; pp. 7512 - 7527
Main authors: Meng, Jie; Zhang, Zhenyong; Zhu, Hengye; Yang, Zeyu; Deng, Ruilong; Cheng, Peng; Zhou, Jianying
Format: Journal Article
Language: English
Published: IEEE 2025
ISSN: 1556-6013, 1556-6021
Description
Summary: Industrial control systems (ICSs) govern the production activities of various critical infrastructures, where programmable logic controllers (PLCs) are essential devices for controlling industrial processes. However, PLCs have many vulnerabilities and might be configured inappropriately. With the trend of PLCs connecting to the Internet, such weaknesses will lead to various cyberattacks and have prompted many studies on the threat assessment for PLCs. Previous research has ignored PLCs' security settings, such as operating mode and read/write authentication, etc., which are the general security functionalities significantly affecting PLCs' security. In this paper, we make the first attempt to propose a security settings-based threat assessment framework (SSTAF) to assess PLCs' security. SSTAF consists of SScanner, a novel scanner to automatically extract the real-time configurations of security settings from PLCs, and the threat assessment criteria, serving to assess the appropriateness of PLC configurations and analyze risk levels of attacks based on PLCs' security settings. Subsequently, using SSTAF, we implement an Internet-wide threat assessment for PLCs exposed to the Internet. We deploy SScanner on the Internet and interact with 41K ICS devices in cyberspace to acquire their configurations of security settings. Based on the scanning result and the threat assessment criteria, we reveal that 93.32% of PLCs have not appropriately configured their security settings. Additionally, each PLC might be subject to 4.96 attacks on average, of which 3.32 attacks are due to the inappropriate configurations of security settings.
DOI: 10.1109/TIFS.2025.3581434