
Electronic data

  • RICSS_Workshop_Paper

    Accepted author manuscript, 327 KB, PDF document

    Available under license: CC BY: Creative Commons Attribution 4.0 International License


To me, to you: Towards Secure PLC Programming through a Community-Driven Open-Source Initiative

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN > Conference contribution/Paper > peer-review

Published
Publication date: 31/07/2023
Host publication: IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Publisher: IEEE
Pages: 358-362
Number of pages: 5
ISBN (electronic): 9798350327205
Original language: English

Abstract

Over the last decade, industrial control systems (ICS) have experienced an increasing frequency of cyber attacks. At the heart of these systems are programmable logic controllers (PLCs), responsible for the monitoring, control, and automation of physical operational processes. As an increasing number of adversaries are attaining the capability to gain a foothold in ICS environments, with the goal of operational process manipulation, PLCs are becoming a primary target. Unlike conventional IT software, PLCs are programmed via unique industrial languages and the notion of secure PLC programming practices is in its infancy. This has led to vulnerabilities within the very logic PLCs use to interact with the physical world, notably in code provided by vendors, which is proprietary and unable to be viewed or edited to implement secure programming practices. These vulnerabilities then afford adversaries an attack surface to achieve their goals. In this positional paper, a conceptual framework is introduced positing the notion of a community-driven hub. This hub incorporates a set of processes that draw from existing literature, to provide secure, verified, open-source PLC code. The goal of which is to not only provide PLC programmers with a convenient alternative to vulnerable vendor-provided libraries, but increase the awareness and importance of secure PLC programming practices.