Walking under the ladder logic: PLC-VBS: a PLC control logic vulnerability scanning tool

Maesschalck, Sam; Staves, Alexander; Derbyshire, Richard; Green, Ben; Hutchison, David

doi:10.1016/j.cose.2023.103116

Cited by 9 publications

(10 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other operations can have a high impact, such as the destruction of infrastructure, which is possible via a cyber attack. This is especially so, as technology within our most critical infrastructure, now connected to the Internet, has major vulnerabilities that could lead to disastrous effects (Collier & Lackoff, 2008; Maesschalck et al, 2023). Rule 68 within the Manual discusses this and expands upon this in Rule 69, where it is agreed that a cyber operation with effects comparable to an operation that constitutes a use of force in a non‐cyber operation does constitute a use of force.…”

Section: Cyberspace Legislationmentioning

confidence: 99%

Gentlemen, you can't fight in here. Or can you?: How cyberspace operations impact international security

Maesschalck

2024

World Affairs

Self Cite

View full text Add to dashboard Cite

The military now views cyberspace as a new warfare domain, with constant cyber operations potentially causing significant consequences. Internationally, countries are heavily involved in cyberspace, but international law lags behind this evolution, raising questions about its application and retaliation measures. This article investigates international law in cyberspace and cyber operations in warfare and terrorism, exploring recent calls for increased legislation. The impact of cyberspace nonregulation on international security is examined from both positive and negative perspectives. It argues that solving anonymity and attribution issues requires state collaboration, with an initial step of cooperation against cyber‐terrorism. The conclusion emphasizes the necessity of cyberspace regulation and legislation for international and national security, offering a starting point for discussion.

show abstract

Section: Cyberspace Legislationmentioning

confidence: 99%

Gentlemen, you can't fight in here. Or can you?: How cyberspace operations impact international security

Maesschalck

2024

World Affairs

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, this study relies on existing PLC artifacts in detecting memory attacks, and securing storage capacity is important because numerous PLC artifacts are stored in the database. Reference [18] provided a programmable logic controller variable block scanner, a tool for identifying vulnerabilities in PLCs. The PLC-VBS scanner is tested to be able to identify vulnerable bits and bytes within PLC memory and to allow attackers to interact with the device.…”

Section: Related Workmentioning

confidence: 99%

Programmable Logic Controller Block Monitoring System for Memory Attack Defense in Industrial Control Systems

Lee,

Shin,

Seo

2023

CMC

View full text Add to dashboard Cite

Cyberattacks targeting industrial control systems (ICS) are becoming more sophisticated and advanced than in the past. A programmable logic controller (PLC), a core component of ICS, controls and monitors sensors and actuators in the field. However, PLC has memory attack threats such as program injection and manipulation, which has long been a major target for attackers, and it is important to detect these attacks for ICS security. To detect PLC memory attacks, a security system is required to acquire and monitor PLC memory directly. In addition, the performance impact of the security system on the PLC makes it difficult to apply to the ICS. To address these challenges, this paper proposes a system to detect PLC memory attacks by continuously acquiring and monitoring PLC memory. The proposed system detects PLC memory attacks by acquiring the program blocks and block information directly from the same layer as the PLC and then comparing them in bytes with previous data. Experiments with Siemens S7-300 and S7-400 PLC were conducted to evaluate the PLC memory detection performance and performance impact on PLC. The experimental results demonstrate that the proposed system detects all malicious organization block (OB) injection and data block (DB) manipulation, and the increment of PLC cycle time, the impact on PLC performance, was less than 1 ms. The proposed system detects PLC memory attacks with a simpler detection method than earlier studies. Furthermore, the proposed system can be applied to ICS with a small performance impact on PLC.

show abstract

“…Building on some of the concepts of PCaaD [12], Maesschalck et al [16] show that many of the vendorprovided library functions contain a vulnerability that allows adversaries to change the operation of the PLC. The authors present a scanning tool to identify bytes, and therefore variables, in the target PLC's memory that are susceptible to being manipulated over the network.…”

Section: Related Workmentioning

confidence: 99%

“…By adhering to established programming standards, implementing secure programming practices, and following thorough testing and validation processes, organisations can minimise the likelihood of vulnerabilities being introduced into their ICS and physical process. However, many organisations rely on PLC code in the form of vendor-provided library functions [15], which are proprietary, unable to be edited, and demonstrably vulnerable [12], [16], meaning that many elements of secure PLC programming practices cannot be exercised when they are sorely needed.…”

Section: Introductionmentioning

confidence: 99%

“…This paper first explores secure PLC programming practices and their importance, before considering the use of open-source functions as an alternative to vendorprovided library functions. By using existing tooling [16] to scan a PLC's code for vulnerabilities, it is found that such open-source functions are as vulnerable as the vendor-provided library functions, but with one clear distinction; unlike the proprietary, vendor-provided library functions, open-source functions' code may be viewed and edited, affording the incorporation of secure PLC programming practices. This leads to a proposed framework of a community-driven hub for secure, open-source PLC code, which tests and verifies that the code is free of known vulnerabilities and conforms to both secure PLC programming practices and known best practice of standards and guidelines.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

To me, to you: Towards Secure PLC Programming through a Community-Driven Open-Source Initiative

Derbyshire,

Maesschalck,

Staves

et al. 2023

2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

Self Cite

View full text Add to dashboard Cite

For decades, industrial control systems (ICS) have experienced an increasing frequency of cyber attacks, which in turn have increased in sophistication. Consequently, secure programmable logic controller (PLC) programming practices are becoming crucial as more adversaries are attaining the capability to gain a foothold in the ICS environment and directly attack the physical process through exploiting vulnerable PLC code. Existing programming practices involve the frequent use of vendor-provided, proprietary library functions, which cannot be viewed or edited, inhibiting the incorporation of secure PLC programming practices. This work begins by exploring the viability of open-source PLC functions as an alternative because of their open nature and potential for broader adoption of secure PLC programming practices. However, when analysed, the selected open-source PLC functions are found to contain the same vulnerabilities as those provided by the vendor. In response, a conceptual framework for a community-driven initiative is proposed that would acquire open-source PLC functions and their supporting documentation, review them for vulnerabilities and apply secure PLC coding practices, and finally disseminate the newly-secured, open-source PLC functions for wider use.

show abstract

Walking under the ladder logic: PLC-VBS: a PLC control logic vulnerability scanning tool

Cited by 9 publications

References 10 publications

Gentlemen, you can't fight in here. Or can you?: How cyberspace operations impact international security

Gentlemen, you can't fight in here. Or can you?: How cyberspace operations impact international security

Programmable Logic Controller Block Monitoring System for Memory Attack Defense in Industrial Control Systems

To me, to you: Towards Secure PLC Programming through a Community-Driven Open-Source Initiative

Contact Info

Product

Resources

About