I/O Image

From attackics
Jump to navigation Jump to search
I/O Image
ID T0877
Tactic Collection
Data Sources Controller program
Asset Field Controller/RTU/PLC/IED


Adversaries may seek to capture process image values related to the inputs and outputs of a PLC. Within a PLC all input and output states are stored into an I/O image. This image is used by the user program instead of directly interacting with physical I/O.1

Procedure Examples

  • Stuxnet copies the input area of an I/O image into data blocks with a one second interval between copies, forming a 21 second recording of the input area. The input area contains information being passed to the PLC from a peripheral. For example, the current state of a valve or the temperature of a device.2


  • Mitigation Limited or Not Effective - This technique may not be effectively mitigated against, consider controls for assets and processes that lead to the use of this technique.