Programmable Logic Controllers — Security Threats and Solutions

This security application brief provides an example security analysis for programmable logic controllers. The intent is to highlight various potential threat scenarios and corresponding steps to help combat them. This process includes the identification and ranking of potential threats and exploring relevant TI security enablers.

This brief leverages the first.org CVSS 3.1 calculator. All scoring in this brief is based on TI's assessment. Readers should adjust each parameter according to their targeted applications and system designs.

Trademarks

Sitara is a registered trademark of Texas Instruments.

All other trademarks are the property of their respective owners.

1 Introduction

A programmable logic controller (PLC), also known as a programmable controller, serves as a computer for industrial manufacturing. PLCs bring flexibility (ability to reprogram quickly) with reliability (minimal power down and maintenance) and ease of use in a standalone factory environment. Originally conceived for the auto manufacturing industry in the 1960s to replace hard-wired options such as relays and enable programmable, real-time control of equipment, PLCs are now ubiquitous in the manufacturing industry. They are a necessary component of factories of today and of future, and instrumental to safety, reliability and continuous operation.

Over the past five decades, PLCs have evolved to meet the ever-growing needs of more automation and more data handling. This includes miniaturization, deterministic communication, moving to distributed control systems and cloud connectivity.

Figure 1. A typical PLC

2 Reinventing the PLC for Industry 4.0

Industry 4.0, also known as the Fourth Industrial Revolution, typically refers to the digitization of the manufacturing industry and the collection and use of information in real time to create smart factories. The goal is to sense, share and control health data, status and operation of factory equipment and product in real time while enabling intelligent and self-aware machines such as robots to drive increased efficiency and flexibility.

The digitization of the factory requires communications, information technology (including cloud storage and interaction), and data and physical elements like PLCs in factories, where machines interact with humans, other machines and the products being manufactured. Integrated sensing delivers decision-critical data, and real-time information processing, control and communication are driving profound changes in the entire industrial ecosystem ^[1].

Industry 4.0 is depending on PLC technology to be a key factor in this transformative evolution.

3 Security implications

Before looking at the security threats and possible solutions, quickly review how PLCs fit into the factory/Industry 4.0 world. In Figure 2, PLCs are in each element.

Figure 2. Factory floor setting

As factories have evolved, a few trends are worth considering for PLCs in the context of security ^[2]:

Networked environments. In today’s automated factories, PLCs are no longer stand-alone components. They need to interact in real time with each other within different systems in a factory, and potentially with cloud metadata to make control decisions in real time. Network reliability and is a priority.
Distributed control. The world has moved from centralized control brains in factories to a more distributed control model of several autonomous subsystem brains, sometimes even within the same machine. This places a premium on real-time communication integrity and network reliability.
Deterministic communication. The need to respond to faults or failures, especially in an automated environment, places a premium on communication and processing reliability with low latencies.
Minimal downtime. The push to minimize downtime has driven the demand for hot-plug features. A need exists for trust and integrity checks to potentially span multiple sessions, not just within the same session.

3.1 Threat descriptions and risk assessment

Given the critical role that PLCs play in digital factories, Table 1 shows the potential attacks that can leave factories vulnerable. The threat scores listed in the third column leverage the first.org Common Vulnerability Scoring System Version 3.0 Calculator ^[2]. The higher the score, the greater the security risk, indicating the need to take proactive steps to enable countermeasures.

Table 1. Typical security threats for PLCs ⁽¹⁾

Threat	Threat Description	Threat Score	CVSS
Denial-of-service attacks	Bringing the system or PLC network down through malicious attacks; overloading the data stream to overload the memory, for example	8.6	CVSS Calculation – 8.6
Spoofing	Intercepting communication to the host from the PLC and modifying it maliciously	8.5	CVSS Calculation – 8.5
Man-in-the-middle attacks	A rogue PLC or remote input/output (I/O) intercepts and modifies/changes messages from a valid source, and forwards attack messages to a targeted PLC in an attempt to take down the PLC or have it respond in unintended way, like shutting down a section of a factory	8.5	CVSS Calculation – 8.5
Rogue PLC joining network	A rogue PLC impersonating a legitimate PLC joins a factory network to create attack scenarios	8.5	CVSS Calculation – 8.5
PLC takeover	Changing the PLC program or boot image to alter intended operations and create attack scenarios or denial-of-service attacks	7.4	CVSS Calculation – 7.4
Remote device management serves exploits	Using remote device management services such as web managers, Telnet or Secure Shell running over a PLC for debugging or status reporting to gain control of a PLC or change its configuration	7.4	CVSS Calculation – 7.4

Inputs used in the CVSS 3.0 calculator are based on TI’s assessment. You should review the threats and adjust based on your system design.