Abstract: Supervisory Control and Data Acquisition (SCADA) and other industrial control systems (ICS) are used to monitor and control industrial systems such as refineries, trains, water and sewage systems, plants, factories, and the electric grid. Typically, they are dispersed over a wide geographical area and managed from a centralized supervisory site. These systems control real physical equipment that, if not controlled correctly, can cause significant physical, economic, and environmental damage. Many of these systems are critical to the infrastructure of a nation state, a region, or a company. They have become cyber-targets of agents of various military, criminal, and political organizations, as well as of terrorists, malcontents, and others. The programmable logic controller (PLC) is the workhorse of SCADA and other control systems. It normally receives data from sensors and other input devices, which it then uses to programmably control switches, actuators, pumps, motors, and other such devices so as to interact physically with its environment in a safe and reliable manner. This small and rugged computer maintains programmable control over machinery and equipment that is often located in unmanned, remote, and inhospitable environments. Stuxnet and other cyber-attacks have drawn research attention toward protecting the vulnerable centralized supervisory site, but there has been little academic cyber-security research into defending the remote PLC or the fieldbus network upon which it operates. This paper surveys and classifies recent research efforts to attack or defend programmable logic controllers and fieldbus networks. In addition, we frame additional research that could potentially lead to better cyber-protection of SCADA systems.
Keywords: PLC, ICS, SCADA, security, network security, software vulnerability mitigation, fieldbus
1. Introduction
Well-known attacks on Supervisory Control and Data Acquisition (SCADA) systems include the 2010 attack upon the Iranian nuclear program by Stuxnet (Failliere, Murchu and Chien 2011), the 2015 attack upon the Ukrainian power grid (SANS ICS and E-ISAC 2016), and the Maroochy Water System attack in 2000 (Miller and Rowe 2012). Presidential Executive Order 13636 (Office of the President of the United States 2013) names cyber-threats to our critical infrastructure as a serious national security challenge and classifies the cyber defence of these systems as a national priority.
SCADA systems are hierarchical in nature with sensors and actuators that interact with field control...