Cyber security risk assessments provide a pivotal starting point towards the understanding of existing risk exposure, through which suitable mitigation strategies can be formed. Where risk is viewed as a product of threat, vulnerability, and impact, understanding each element is of equal importance. This can be a challenge in Industrial Control System (ICS) environments, where adopted technologies are typically not only bespoke, but interact directly with the physical world. To date, existing vulnerability identification has focused on traditional vulnerability categories. While this provides risk assessors with a baseline understanding, and the ability to hypothesize on potential resulting impacts, it is high level, operating at a level of abstraction that would be viewed as incomplete within a traditional information system context. The work presented in this paper takes the understanding of ICS device vulnerabilities one step further. It offers a tool, PLC-VBS, that helps identify Programmable Logic Controller (PLC) vulnerabilities, specifically within logic used to monitor, control, and automate operational processes. PLC-VBS gives risk assessors a more coherent picture about the potential impact should the identified vulnerabilities be exploited; this applies specifically to operational process elements.