How to secure your programmable logic controller
By Joseph Zulick, MRO Electric
As security concerns increase in many sectors, including the factory automation space, getting up-to-speed with the different types of programmable logic controller security is imperative.
By creating and implementing an effective strategy to remain secure, you will likely avoid issues, downtime, and setbacks.
PLC cyber security: How the control network is linked to the internet, as well as other networks.
PLC physical security: Deals with correcting default passwords, limiting access to thumb drives and securing access, and having only certified employees in the control system’s environment.
MRO Electric and Supply maintains a comprehensive stock of Modicon PLC parts, including the Modicon Quantum series. Also, feel free to check out our repair and core exchange programs to learn how to save.
Understanding issues with security
In order to create and implement training and procedures for staff, you must understand how issues with security occur.
Not all cybersecurity attacks occur from external hackers or scammers. In fact, experts believe that only an estimated 20 per cent of all cybersecurity attacks are intentional and intended to be malicious.
Whether you think it’s possible or not, an offended employee could indeed be your hacker.
Almost always caused by software issues, device issues, and malware infections, cybersecurity seems straight-forward initially, until you dig into those fine, often overlooked details.
As many in the automation space may know, PLC cybersecurity wasn’t a thing a decade ago.
These days, PLCs are connected to business systems through any run-of-the-mill network and aren’t separated from other networks that other automation equipment may also be on.
As time goes on, it’s becoming more and more common to see TCP/IP networking from a business system standpoint.
By connecting via TCP/IP, data exchange, as well as more rational and scalable business decisions, is enabled.
To continue to up your PLC knowledge, be sure to check out our article covering Modicon PLC history.
PLC security factors
- Although it may not actually connect to the internet, a control system is unsafe. Contrary to popular belief, a modem connection could also experience intrusion and a hack.
- Wireless networks, laptop computers, and trusted vendor connections could be other sources of connections in which people may be likely to overlook.
- Keep in mind that the majority of IT departments are unaware of factory automation equipment, including CNCs, CPUs, PCBs, robotics parts and, last but not least, PLCs.
- Piggybacking off of the last point, IT departments’ lack of experience with the aforementioned equipment, along with their lack of experience with industrial standards and scalable processes indicate that they should not be in-charge and responsible for a company’s PLC security. Nobody wants an annoyed employee to make inappropriate changes to a PLC’s communication highway.
- Hackers do not necessarily need to understand PLC or SCADA to block PC-to-PLC communication. They absolutely do not need to understand a PLC or SCADA system to cause operational or programming issues.
- Often times, control systems, including ones that many PLCs integrate with, use Microsoft Windows, which is very popular amongst hackers.
- Some PLCs crash simply by pinging an IP address, like what happened at the Brown’s Ferry Nuclear Plant, which is located in upstate Alabama. Since the incident in 2006, the plant has undergone numerous security, operational, and management improvements.
