To me, to you: Towards Secure PLC Programming through a Community-Driven Open-Source Initiative

Bibliographic details
Published in: IEEE European Symposium on Security and Privacy Workshops (Online), pp. 358 - 362
Main authors: Derbyshire, Richard; Maesschalck, Sam; Staves, Alexander; Green, Benjamin; Hutchison, David
Format: Conference paper
Language: English
Published: IEEE 01.07.2023
ISSN:2768-0657
Description
Summary: Over the last decade, industrial control systems (ICS) have experienced an increasing frequency of cyber attacks. At the heart of these systems are programmable logic controllers (PLCs), responsible for the monitoring, control, and automation of physical operational processes. As an increasing number of adversaries are attaining the capability to gain a foothold in ICS environments, with the goal of operational process manipulation, PLCs are becoming a primary target. Unlike conventional IT software, PLCs are programmed via unique industrial languages and the notion of secure PLC programming practices is in its infancy. This has led to vulnerabilities within the very logic PLCs use to interact with the physical world, notably in code provided by vendors, which is proprietary and unable to be viewed or edited to implement secure programming practices. These vulnerabilities then afford adversaries an attack surface to achieve their goals. In this positional paper, a conceptual framework is introduced positing the notion of a community-driven hub. This hub incorporates a set of processes that draw from existing literature, to provide secure, verified, open-source PLC code. The goal of which is to not only provide PLC programmers with a convenient alternative to vulnerable vendor-provided libraries, but increase the awareness and importance of secure PLC programming practices.
DOI:10.1109/EuroSPW59978.2023.00045