Abstract
Programmable Logic Controllers (PLCs) are the backbone of modern-day Industrial Control Systems (ICSs), and as such play a key role in many critical infrastructure sectors (e.g., water and water-waste management, power distribution, transportation, food and agriculture, critical manufacturing, etc.). Given the important functions that PLCs carry out within many critical infrastructures, a cyber-compromise of even a single PLC device can have far-reaching impact and consequences, ranging from distribution-system outages, environmental pollution, mass water and food poisoning, to outright loss of human life. The objective of this work-in-progress is to develop a free open source tool, named PIRAT, for cyber-risk assessment of individual PLC components, as well as more complex PLC systems. The tool synthesizes the user-provided PLC component/system information with the readily available data from the National Vulnerability Database (NVD) and MITRE Adversarial Tactics, Techniques and Common Knowledge (MITRE ATT&CK) database. The output of the tool is an aggregate risk scores for the given PLC component/system. The risk score is derived not only based on the known PLC vulnerabilities, but also based on the presence and capabilities of advance persistent threat (APT) groups potentially targeting the given PLC component/system and/or targeting the respective critical infrastructure industry.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
