Wallace and Atkison, in this paper, model several attacks against programmable logic controllers and observe packet timing during the attacks. During a denial of service attack, the researchers record observations of legitimate and spoofed command and control packets directed toward a programmable logic controller. Attacks are crafted and launched via the open-source framework Metasploit. By comparing the time sequence information for legitimate and spoofed command and control packets, the authors identify a substantial time difference. They suggest that by defining a set of features based on the observations found in this paper, a sophisticated intrusion detection system can be designed for the industrial control system environment.

Overall, the paper exposes risks for industrial control systems running on programmable logic controllers. More research and development needs to be done in this area. I recommend this paper as a good bedtime read.