当前位置:
X-MOL 学术
›
IEEE Open J. Ind. Appl. Electron. Soc.
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Security of Programmable Logic Controllers and Related Systems: Today and Tomorrow
IEEE Open Journal of the Industrial Electronics Society Pub Date : 2023-11-23 , DOI: 10.1109/ojies.2023.3335976 Wael Alsabbagh 1 , Peter Langendörfer 1
IEEE Open Journal of the Industrial Electronics Society Pub Date : 2023-11-23 , DOI: 10.1109/ojies.2023.3335976 Wael Alsabbagh 1 , Peter Langendörfer 1
Affiliation
Programmable logic controllers (PLCs) are indispensable in critical infrastructures and industrial control systems. The increasing demand for enhanced cost-effectiveness and production efficiency has driven automation manufacturers to integrate PLC-based applications and systems with external networks, such as Internet. Unfortunately, this connectivity has exposed systems to potential malicious attacks from motivated adversaries. Addressing this pressing issue necessitates a comprehensive summary of ongoing research related to PLCs and their related systems. This summary should classify these systems based on disclosed vulnerabilities, potential threats, and proposed security solutions, catering to both scientists and industrial engineers. While several recent surveys have reviewed and discussed PLC security and related topics, they often fell short of covering all essential aspects comprehensively. Furthermore, prior surveys tended to focus on analyzing vulnerabilities at the system level, overlooking the vulnerabilities specific to PLCs themselves. Consequently, their findings failed to effectively secure current operational systems or propose improved solutions for future PLC designs. In this article, we bridge this research gap by providing a detailed review of all aspects concerning the security of PLCs and related systems. This includes vulnerabilities, potential attacks, and security solutions including digital forensics. We aim to offer a precise analysis, addressing the shortcomings of previous studies. Finally, we conclude this article by presenting our recommendations tailored for PLC manufacturers, researchers, and engineers. We hope that these recommendations will contribute to the development of more secure PLCs in the future.
中文翻译:
可编程逻辑控制器及相关系统的安全:今天和明天
可编程逻辑控制器 (PLC) 在关键基础设施和工业控制系统中不可或缺。对提高成本效益和生产效率的需求不断增长,促使自动化制造商将基于 PLC 的应用程序和系统与外部网络(例如互联网)集成。不幸的是,这种连接使系统面临来自有动机的对手的潜在恶意攻击。解决这一紧迫问题需要对与 PLC 及其相关系统相关的正在进行的研究进行全面总结。该摘要应根据已披露的漏洞、潜在威胁和提出的安全解决方案对这些系统进行分类,以满足科学家和工业工程师的需求。虽然最近的几项调查回顾并讨论了 PLC 安全及相关主题,但它们往往未能全面涵盖所有重要方面。此外,之前的调查往往侧重于分析系统级别的漏洞,而忽略了 PLC 本身特有的漏洞。因此,他们的研究结果未能有效保护当前操作系统的安全,也未能为未来的 PLC 设计提出改进的解决方案。在本文中,我们通过对 PLC 及相关系统安全性的各个方面进行详细回顾来弥补这一研究空白。这包括漏洞、潜在攻击和包括数字取证在内的安全解决方案。我们的目标是提供精确的分析,解决以前研究的缺点。最后,我们通过提出为 PLC 制造商、研究人员和工程师量身定制的建议来结束本文。我们希望这些建议将有助于未来更安全的 PLC 的开发。
更新日期:2023-11-23
中文翻译:
可编程逻辑控制器及相关系统的安全:今天和明天
可编程逻辑控制器 (PLC) 在关键基础设施和工业控制系统中不可或缺。对提高成本效益和生产效率的需求不断增长,促使自动化制造商将基于 PLC 的应用程序和系统与外部网络(例如互联网)集成。不幸的是,这种连接使系统面临来自有动机的对手的潜在恶意攻击。解决这一紧迫问题需要对与 PLC 及其相关系统相关的正在进行的研究进行全面总结。该摘要应根据已披露的漏洞、潜在威胁和提出的安全解决方案对这些系统进行分类,以满足科学家和工业工程师的需求。虽然最近的几项调查回顾并讨论了 PLC 安全及相关主题,但它们往往未能全面涵盖所有重要方面。此外,之前的调查往往侧重于分析系统级别的漏洞,而忽略了 PLC 本身特有的漏洞。因此,他们的研究结果未能有效保护当前操作系统的安全,也未能为未来的 PLC 设计提出改进的解决方案。在本文中,我们通过对 PLC 及相关系统安全性的各个方面进行详细回顾来弥补这一研究空白。这包括漏洞、潜在攻击和包括数字取证在内的安全解决方案。我们的目标是提供精确的分析,解决以前研究的缺点。最后,我们通过提出为 PLC 制造商、研究人员和工程师量身定制的建议来结束本文。我们希望这些建议将有助于未来更安全的 PLC 的开发。
京公网安备 11010802027423号