Final published version
Licence: CC BY: Creative Commons Attribution 4.0 International License
Research output: Contribution to Journal/Magazine › Journal article › peer-review
Research output: Contribution to Journal/Magazine › Journal article › peer-review
}
TY - JOUR
T1 - Walking under the ladder logic: PLC-VBS
T2 - a PLC control logic vulnerability scanning tool
AU - Maesschalck, Sam
AU - Staves, Alexander
AU - Derbyshire, Richard
AU - Green, Benjamin
AU - Hutchison, David
PY - 2023/4/30
Y1 - 2023/4/30
N2 - Cyber security risk assessments provide a crucial starting point towards the understanding of existing risk exposure, via which suitable mitigation strategies can be formed. Risk is viewed as a product of threat, vulnerability and impact, and equal understanding of each of these elements is vitally important. This can be a challenge in Industrial Control System (ICS) environments, where adopted technologies are typically not only bespoke, but interact directly with the physical world. To date, existing vulnerability identification has focused on traditional vulnerability categories. While this approach provides risk assessors with a baseline understanding and the ability to hypothesize about potential resulting impacts, it is rather high level, operating at a level of abstraction that would be viewed as incomplete within a traditional information system context. The work presented in this paper takes the understanding of ICS device vulnerabilities a step deeper. It offers a tool, PLC-VBS, that helps identify Programmable Logic Controller (PLC) vulnerabilities, specifically within logic used to monitor, control, and automate operational processes. PLC-VBS gives risk assessors a more coherent picture about the potential impact should the identified vulnerabilities be exploited; this applies specifically to operational process elements.
AB - Cyber security risk assessments provide a crucial starting point towards the understanding of existing risk exposure, via which suitable mitigation strategies can be formed. Risk is viewed as a product of threat, vulnerability and impact, and equal understanding of each of these elements is vitally important. This can be a challenge in Industrial Control System (ICS) environments, where adopted technologies are typically not only bespoke, but interact directly with the physical world. To date, existing vulnerability identification has focused on traditional vulnerability categories. While this approach provides risk assessors with a baseline understanding and the ability to hypothesize about potential resulting impacts, it is rather high level, operating at a level of abstraction that would be viewed as incomplete within a traditional information system context. The work presented in this paper takes the understanding of ICS device vulnerabilities a step deeper. It offers a tool, PLC-VBS, that helps identify Programmable Logic Controller (PLC) vulnerabilities, specifically within logic used to monitor, control, and automate operational processes. PLC-VBS gives risk assessors a more coherent picture about the potential impact should the identified vulnerabilities be exploited; this applies specifically to operational process elements.
KW - ICS
KW - SCADA
KW - PLC
KW - Cyber Security
KW - PLC Vulnerability Scanner
KW - PLC Programming Practices
U2 - 10.1016/j.cose.2023.103116
DO - 10.1016/j.cose.2023.103116
M3 - Journal article
VL - 127
JO - Computers and Security
JF - Computers and Security
SN - 0167-4048
M1 - 103116
ER -