The primary vulnerability of PLCs and SCADA systems is due to malicious software called Stuxnet, whose existence was discovered by Sergey Ulasen of VirusBlokAda on June 17, 2010. Since then, computer security researchers have been analyzing its code in an effort to decipher its origins and functions. Although it was not the first malicious software to target automation systems, it was unique in exploiting four zero-days and was the first to contain root kits specifically targeted for particular Siemens SCADA systems. Although PLCs have been used for more than 40 years, until Stuxnet, few security research projects focused on them. PLCs were initially developed in the 1960s to facilitate industrial automation. Many PLCs in current use employ a simple programming language called Ladder Logic to make it easier to program them. The simple and basic nature of PLCs makes them vulnerable to being exploited, however. The current research analyzes PLC use and vulnerabilities that have escaped attention because most people know little about PLCs used in correctional facilities. A review of the electronic, physical, and computer security designs in correctional facilities shows why PLCs were installed in many jails and prisons, and their vulnerabilities in those facilities are considered. Recommendations for improving security in locations with PLCs and SCADA include a combination of re-evaluation of prison physical designs and electronic security, network security, and greater enforcement of computer usage policies in these facilities. 9 notes and 3 figures