In this paper we study the security threats to Supervisory Control and Data Acquisition (SCADA) systems via intentional and unintentional software errors. We claim that current programming practices and security mechanisms for Programmable Logic Controllers (PLCs), which are fundamental components of all SCADA systems, do not provide adequate protection against unintentional errors or malicious, code-level attacks. We focus on software vulnerabilities in ladder logic, a popular graphical language for PLCs. We show how intentional or unintentional errors in the ladder logic code can lead to integrity and availability violations. We propose methods to support secure PLC code development and to detect vulnerable applications.