Security of PLCs
PLCs (programmable logic controllers) were first introduced to the world in the late 1960s. Designed to replace relay-based machine control systems specifically in the U.S. manufacturing space, they initially left quite a positive impression on the society. As most professionals in the automation space know, programmable logic controllers are designed to carry out control functions, many of which are extraordinarily complex. They are considered user-friendly, and are designed to endure strenuous environments such as:
Often used for automation practices in the electromechanical space, PLCs control machinery in several environments. A handful of popular example include:
automotive assembly lines
Here are a few examples of PLC functions and directions:
handling of data
Types of PLCs
To understand PLC security, one must first understand the different types. These types can be classified in three main categories:
Advanced PLC: Known to offer the most significant processing power, these PLCs have the greatest networking options, the largest capacity for memory, and the highest I/O expandability.
Compact Controller: Known for having a greater I/O output and a more in-depth set of instructions than average logic controllers, compact controllers are popular for those who are considered intermediate in the PLC space.
Logic Controller: Commonly referred to as a 'smart relay', logic controllers are usually considered a good place to start for beginners. They operate a lower speeds than the other types, and also have a lower I/O.
Finally, security of PLCs
Becoming a hot topic through the past few years, security continues to remain a focus of those in the automation space. By carefully and strategically planning to remain as secure as possible, issues and dreaded downtime are more likely avoided.
The Cybersecurity behind PLCs: The cybersecurity behind PLCs is relatively straightforward and can be defined as the process behind linking the control network to the internet or other networks.
PLC Physical Security: PLC physical security is often overlooked from an operational or management standpoint. When a company or organization is undergoing breach simulations, training, and exercises, PLC physical security should definitely be touched on. Generally, PLC physical security deals with:
editing default passwords
limiting thumb drive access
limiting access to the control system's environment
Understanding Issues with Security
Contrary to popular belief, hackers and scammers do not make up the majority of cybersecurity issues. Regardless of the relationship between a company and an employee, dishonesty and spiteful motives may occur. Typically as a result of malware infections as well as device and software issues, PLC cybersecurity is often overlooked.
In case you weren't aware, PLC cybersecurity is relatively new in the automation world. PLCs are connected to the very same networks that other automation equipment is connected to; they are not separated. The prevalence of TCP/IP networking is increasing insurmountably as the automation space evolves. There are several benefits to TCP/IP networking, and understanding those benefits will in turn help aid the understanding of PLC security.
PLC Security Factors:
A large number of professionals think that because a control system doesn't connect to the internet, it is safe. That is a misconception, as a modem connection could very well experience intrusion and a dreaded hack.
Most IT departments lack experience with factory automation equipment. Do not expect your run-of-the-mill IT professional to have experience in such a niche industry.
In order to cause an operational or programming issue, one does not need to have experience with PC-to-PLC communication.
Microsoft Windows is commonly used in the factory automation space, which, unfortunately, is also common for a large majority of hackers.
Therefore, be sure to become well-aware of methods used by hackers, specifically those in the automation space. Do not expect your average IT professional to be up-to-speed with security in the automation space, because the majority of IT professional simply lack experience in the field. If an individual needs granted access to a thumb drive or control system environment, be sure to test them. Ensure they're trustworthy and well-versed on security specifically in the automation space.
The author is a contributing writer for PDF Electric and Supply (www.pdfsupply.com)