Scrutinizing Security in Industrial Control Systems: An Architectural Vulnerabilities and Communication Network Perspective

Technological advancement plays a crucial role in our daily lives and constantly transforms the industrial sector. However, these technologies also introduce new security vulnerabilities to Industrial Control Systems (ICS). Attackers take advantage of these weaknesses to infiltrate the ICS environment. The size of the targeted industry and the attacker’s knowledge of the internal ICS environment are crucial factors in determining the degree of impact. Researchers and industry professionals have taken several initiatives to identify and address security problems in the ICS environment; however, to our knowledge, a comprehensive survey of this landscape has yet to be conducted. Existing surveys have limitations since they mainly focus on specific aspects of ICS security rather than covering the security aspects holistically. This paper aims to cover all aspects of security in ICS by classifying the ICS environment into its components, such as SCADA, PLC, DCS, RTU, HMI, MTU, etc. The paper then discusses the vulnerabilities in the modern ICS environment, including those of the specific components. The article also presents a classification of ICS-specific attack types. Furthermore, the study examines real-world attack scenarios in the industrial critical infrastructure sectors, including energy, power, water, and wastewater. This study provides an in-depth analysis of ICS security that empowers researchers and industry practitioners to comprehend the complexities of ICS security and to strengthen the ICS environment’s resilience proactively.