English

Usability Study of Security Features in Programmable Logic Controllers

Cryptography and Security 2026-02-25 v2 Computation and Language Human-Computer Interaction Systems and Control Systems and Control

Abstract

Programmable Logic Controllers (PLCs) drive industrial processes critical to society, for example, water treatment and distribution, electricity and fuel networks. Search engines, e.g., Shodan, have highlighted that PLCs are often left exposed to the Internet, one of the main reasons being the misconfigurations of security settings. This leads to the question - why do these misconfigurations occur and, specifically, whether usability of security controls plays a part. To date, the usability of configuring PLC security mechanisms has not been studied. We present the first investigation through a task based study and subsequent semi-structured interviews (N=19). We explore the usability of PLC connection configurations and two key security mechanisms (i.e., access levels and user administration). We find that the use of unfamiliar labels, layouts and misleading terminology exacerbates an already complex process of configuring security mechanisms. Our results uncover various misperceptions about the security controls and how design constraints, e.g., safety and lack of regular updates due to the long-term nature of such systems, provide significant challenges to the realization of modern HCI and usability principles. Based on these findings, we provide design recommendations to bring usable security in industrial settings at par with its IT counterpart.

Keywords

Cite

@article{arxiv.2208.02500,
  title  = {Usability Study of Security Features in Programmable Logic Controllers},
  author = {Karen Li and Kopo M. Ramokapane and Awais Rashid},
  journal= {arXiv preprint arXiv:2208.02500},
  year   = {2026}
}
R2 v1 2026-06-25T01:28:15.571Z