PLC Security

So what is PLC security?

Well there are actually two parts, PLC cyber security and PLC physical security. The cyber security deals with the control network and how it's linked to the Internet and other networks. The physical security is things like correcting default passwords, limiting thumb drive access, securing thumb drive access, and having only authorized personnel in the vicinity of your control systems.

Therefore, to implement both the PLC cyber security and PLC physical security, a strategy or plan needs to be in place. This includes procedures and training for staff and the review and continuous improvement of the system. You may find it surprising that only 20% of all cyber security instances are intentional, for example, an external hacker or terrorist and maybe an unhappy employee. Most of the security events are unintentional and caused by software or device problems, a malware infection that found its way to your device, and PICNIC (Problem In Chair, Not In Computer) or in other words, human error.

If you worked with PLCs about a decade or so go, PLC cyber security really wasn't on your radar, there really was no reason for it to be. PLCs were not connected to business systems through any common or standard network. PLCs and other automation equipment were separated from other networks. However, it is becoming normal to connect into business systems typically through TCP/IP networking. Connecting PLCs to the business systems enabled data exchange and better business decisions and that is a major motivation. However, it was not apparent that improving productivity and information flow would cause problems of security.

Ever since the Stuxnet computer worm in 2010 that targeted  Siemens industrial software,  awareness has grown of how industrial control networks are vulnerable. Due to the publicity and success of Stuxnet worm, hackers are now aware of the weaknesses of industrial control systems and SCADA security.

A few things important to realize:

• A control system is not safe even if it does not connect to the Internet. Intrusion can occur over a modem connection. Other sources of connections could be wireless networks, laptop computers, and trusted vendor connections.

• IT departments usually are unfamiliar with PLC equipment, industrial protocols, and process reliability and should not have control of the process or PLC security. An unhappy or disgruntled employee can attack a PLC in a different part of the plant over the PLC’s communication highway. An angry employee may change a password to stop future maintenance and program changes to the PLC.

•  Even if hackers don't understand PLC or Scada, it doesn't mean that they can't block PC to PLC communication. Hackers don't need to understand a PLC or Scada system to cause trouble. Many control systems use Microsoft Windows which hackers are very familiar with. Many PLC and Scada systems do not have security within their design and weak protection. Some PLCs crash simply by pinging an IP address, like what happened at the Brown’s Ferry Nuclear Plant in August 2006.

Now that the hackers have a new target, PLC security is very important. It is time to take action and develop an industrial cyber security plan, since the need for cyber security is very likely to increase going forward.

PLC Security return to Home