Electronic data

  • RICSS_Workshop_Paper

    Accepted author manuscript, 327 KB, PDF document

    Available under license: CC BY: Creative Commons Attribution 4.0 International License

To me, to you: Towards Secure PLC Programming through a Community-Driven Open-Source Initiative

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN; Conference contribution/Paper; peer-review

Published

Standard

To me, to you: Towards Secure PLC Programming through a Community-Driven Open-Source Initiative. / Derbyshire, Richard; Maesschalck, Sam; Staves, Alex et al.
IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 2023. p. 358-362.

Vancouver

Derbyshire R, Maesschalck S, Staves A, Green B, Hutchison D. To me, to you: Towards Secure PLC Programming through a Community-Driven Open-Source Initiative. In IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE. 2023. p. 358-362 doi: 10.1109/EuroSPW59978.2023.00045

Author

Derbyshire, Richard ; Maesschalck, Sam ; Staves, Alex et al. / To me, to you : Towards Secure PLC Programming through a Community-Driven Open-Source Initiative. IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 2023. pp. 358-362

Bibtex

@inproceedings{5fbfbf7b648c4f7b9279ce677cff32d3,
title = "To me, to you: Towards Secure PLC Programming through a Community-Driven Open-Source Initiative",
abstract = "Over the last decade, industrial control systems (ICS) have experienced an increasing frequency of cyber attacks. At the heart of these systems are programmable logic controllers (PLCs), responsible for the monitoring, control, and automation of physical operational processes. As an increasing number of adversaries are attaining the capability to gain a foothold in ICS environments, with the goal of operational process manipulation, PLCs are becoming a primary target. Unlike conventional IT software, PLCs are programmed via unique industrial languages and the notion of secure PLC programming practices is in its infancy. This has led to vulnerabilities within the very logic PLCs use to interact with the physical world, notably in code provided by vendors, which is proprietary and unable to be viewed or edited to implement secure programming practices. These vulnerabilities then afford adversaries an attack surface to achieve their goals. In this positional paper, a conceptual framework is introduced positing the notion of a community-driven hub. This hub incorporates a set of processes that draw from existing literature, to provide secure, verified, open-source PLC code. The goal of which is to not only provide PLC programmers with a convenient alternative to vulnerable vendor provided libraries, but increase the awareness and importance of secure PLC programming practices.",
author = "Richard Derbyshire and Sam Maesschalck and Alex Staves and Benjamin Green and David Hutchison",
year = "2023",
month = jul,
day = "31",
doi = "10.1109/EuroSPW59978.2023.00045",
language = "English",
pages = "358--362",
booktitle = "IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)",
publisher = "IEEE",

}

RIS

TY - GEN

T1 - To me, to you

T2 - Towards Secure PLC Programming through a Community-Driven Open-Source Initiative

AU - Derbyshire, Richard

AU - Maesschalck, Sam

AU - Staves, Alex

AU - Green, Benjamin

AU - Hutchison, David

PY - 2023/7/31

Y1 - 2023/7/31

N2 - Over the last decade, industrial control systems (ICS) have experienced an increasing frequency of cyber attacks. At the heart of these systems are programmable logic controllers (PLCs), responsible for the monitoring, control, and automation of physical operational processes. As an increasing number of adversaries are attaining the capability to gain a foothold in ICS environments, with the goal of operational process manipulation, PLCs are becoming a primary target. Unlike conventional IT software, PLCs are programmed via unique industrial languages and the notion of secure PLC programming practices is in its infancy. This has led to vulnerabilities within the very logic PLCs use to interact with the physical world, notably in code provided by vendors, which is proprietary and unable to be viewed or edited to implement secure programming practices. These vulnerabilities then afford adversaries an attack surface to achieve their goals. In this positional paper, a conceptual framework is introduced positing the notion of a community-driven hub. This hub incorporates a set of processes that draw from existing literature, to provide secure, verified, open-source PLC code. The goal of which is to not only provide PLC programmers with a convenient alternative to vulnerable vendor provided libraries, but increase the awareness and importance of secure PLC programming practices.

AB - Over the last decade, industrial control systems (ICS) have experienced an increasing frequency of cyber attacks. At the heart of these systems are programmable logic controllers (PLCs), responsible for the monitoring, control, and automation of physical operational processes. As an increasing number of adversaries are attaining the capability to gain a foothold in ICS environments, with the goal of operational process manipulation, PLCs are becoming a primary target. Unlike conventional IT software, PLCs are programmed via unique industrial languages and the notion of secure PLC programming practices is in its infancy. This has led to vulnerabilities within the very logic PLCs use to interact with the physical world, notably in code provided by vendors, which is proprietary and unable to be viewed or edited to implement secure programming practices. These vulnerabilities then afford adversaries an attack surface to achieve their goals. In this positional paper, a conceptual framework is introduced positing the notion of a community-driven hub. This hub incorporates a set of processes that draw from existing literature, to provide secure, verified, open-source PLC code. The goal of which is to not only provide PLC programmers with a convenient alternative to vulnerable vendor provided libraries, but increase the awareness and importance of secure PLC programming practices.

U2 - 10.1109/EuroSPW59978.2023.00045

DO - 10.1109/EuroSPW59978.2023.00045

M3 - Conference contribution/Paper

SP - 358

EP - 362

BT - IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

PB - IEEE

ER -