Secure PLC Programming – Cybersecurity Magazine


PLCs, or Programmable Logic Controllers, are a core part of most industrial control systems (ICS). The "programmable" in the name is the point: each unit is tailored, through the program loaded into it, to perform a specific function within the ICS infrastructure.

Because they can be programmed, they can also be reprogrammed for malicious purposes. The best-known case is Stuxnet: in 2010, PLCs in the Iranian nuclear programme were altered so that the centrifuges they controlled were damaged.

PLCs are programmed in a specific way, and before discussing the security issues, that programming method is explained below.

Ladder logic (or ladder diagram) is a graphical programming language used to program Programmable Logic Controllers (PLCs). It’s designed to resemble electrical relay logic diagrams, which made it intuitive for electricians and technicians transitioning from physical control panels to digital automation.

Basic Structure of Ladder Logic

Ladder logic is composed of “rungs” on a ladder, where:

  • The vertical rails on either side represent power (left = hot, right = neutral).
  • Each rung is one control-logic statement: the coil at its right end is energised when the contacts between the rails form a closed path, much like the condition of an if-statement.
  • Instructions (contacts, coils, timers, counters, etc.) are placed horizontally between the rails on each rung.

Advantages of Ladder Logic

  • Easy to understand for technicians with electrical backgrounds.
  • Visual and intuitive.
  • Widely supported across PLC platforms (e.g., Allen-Bradley, Siemens, Mitsubishi, …)

Keep in mind that there are differences between the various vendors; the ladder logic I have described here is generic and vendor neutral!
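To make the rung/rail model concrete, here is an added example (not code from the article or from any PLC vendor) of a toy ladder-logic scan evaluator. The rung notation is this example's own vendor-neutral convention, the program is the classic start/stop circuit with a seal-in branch, and the tag names START, STOP, MOTOR and RUN_LAMP are assumptions made for the illustration.

```python
# Added example: a toy ladder-logic scan evaluator. The rung notation is this
# example's own (vendor-neutral) convention, not any PLC vendor's file format.
#
#   "TAG"            normally-open contact   -| |-   conducts when TAG is True
#   "/TAG"           normally-closed contact -|/|-   conducts when TAG is False
#   [branch, ...]    parallel group; each branch is a list of series elements
#
# A rung is a dict: {"comment": ..., "logic": [series elements], "coil": "TAG"}.


def conducts(elements, state):
    """True when power can flow from the left rail to the right rail.

    Elements are in series: every one must conduct. A parallel group conducts
    when at least one of its branches conducts (evaluated recursively)."""
    for el in elements:
        if isinstance(el, str):
            normally_closed = el.startswith("/")
            tag_value = state.get(el.lstrip("/"), False)  # unknown tags read as False
            contact_conducts = (not tag_value) if normally_closed else tag_value
            if not contact_conducts:
                return False
        else:
            if not any(conducts(branch, state) for branch in el):
                return False
    return True


def scan(program, state):
    """One PLC scan cycle: evaluate rungs top to bottom and write each coil.

    As on a real PLC, a coil written by rung N is already visible to rung N+1
    within the same scan, so rung order matters."""
    state = dict(state)
    for rung in program:
        state[rung["coil"]] = conducts(rung["logic"], state)
    return state


# Classic start/stop circuit with a seal-in branch: MOTOR energises when START
# is pressed, holds itself through the parallel MOTOR contact once running, and
# drops out as soon as STOP is pressed. STOP here is the logical "stop pressed"
# signal; a physically normally-closed button would be wired and drawn differently.
MOTOR_CONTROL = [
    {"comment": "Start/stop with seal-in",
     "logic": [[["START"], ["MOTOR"]], "/STOP"],
     "coil": "MOTOR"},
    {"comment": "Run lamp follows the motor",
     "logic": ["MOTOR"],
     "coil": "RUN_LAMP"},
]


def run_sequence(program, inputs_per_scan):
    """Tiny test bench: feed one input snapshot per scan and collect the
    (MOTOR, RUN_LAMP) coil states after each scan."""
    state = {}
    history = []
    for inputs in inputs_per_scan:
        state.update(inputs)          # inputs are latched before the scan
        state = scan(program, state)
        history.append((state["MOTOR"], state["RUN_LAMP"]))
    return history


if __name__ == "__main__":
    steps = [
        {"START": False, "STOP": False},  # idle
        {"START": True,  "STOP": False},  # press START
        {"START": False, "STOP": False},  # release START: seal-in holds
        {"START": False, "STOP": True},   # press STOP
        {"START": False, "STOP": False},  # release STOP: stays off
    ]
    for inputs, coils in zip(steps, run_sequence(MOTOR_CONTROL, steps)):
        print(inputs, "->", coils)
```

The seal-in rung is the part worth studying: the MOTOR coil appears as a contact in its own rung, which is how ladder logic expresses memory without a dedicated latch instruction. That same property is what makes rung order and duplicate coil writes security-relevant later in this article.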

Ladder programming, used for Programmable Logic Controllers (PLCs) in industrial automation, is generally considered reliable for process control. However, there are several security risks specific to ladder logic and PLC systems, especially in the context of Industry 4.0 and increased connectivity. Some of the main risks are:

  • Lack of Authentication and Authorization
  • Insecure Network Communication
  • Logic Bombs and Backdoors in Ladder Code
  • Insufficient Code Verification and Validation
  • Firmware and Software Exploits

There is of course also the risk of someone getting physical access to the PLC, but I am focusing here on programming security and automation of PLCs.

The logic bombs and backdoors point above might sound sensationalist, but attacks of this kind have happened in the real world, as the table below shows.

Impact
  • Physical damage to nuclear centrifuges
  • Could have caused an explosion
  • Environmental contamination
  • Security tool updates, vendor response

The table shows only the incidents that have received the most attention; many more never see the light of day.
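As an added example (not from the article, and not a real incident), here is what a planted override can look like in a ladder program, together with a small static audit that flags it. The rung notation is this example's own convention, and the tag names, the dosing-pump program and the interlock policy are constructed for the illustration.

```python
# Added example: a small static audit of a ladder program for the kind of
# planted logic the article warns about. Notation (this example's own):
#   "TAG" normally-open contact, "/TAG" normally-closed contact,
#   [branch, ...] a parallel group whose branches are lists of series elements.
# A rung is {"comment": ..., "logic": [series elements], "coil": "TAG"}.
# The program, tag names and interlock policy below are constructed.

# Tags wired to physical I/O. Anything else must be driven by a rung.
IO_TAGS = {"START_PB", "STOP_PB", "TANK_LOW", "DOOR_OPEN"}

# Policy: these NC contacts must sit in the series path of the named coil, so
# that no parallel branch can route around them.
REQUIRED_INTERLOCKS = {"DOSE_PUMP": {"/TANK_LOW", "/DOOR_OPEN"}}

PROGRAM = [
    {"comment": "Dosing pump start/stop with interlocks",
     "logic": [[["START_PB"], ["DOSE_PUMP"]], "/STOP_PB", "/TANK_LOW", "/DOOR_OPEN"],
     "coil": "DOSE_PUMP"},
    {"comment": "Low level alarm",
     "logic": ["TANK_LOW"],
     "coil": "LOW_ALARM"},
    # Planted rung: writes the same coil again (last write wins on most PLCs)
    # and adds a branch keyed to MAINT_BIT, which no rung and no input drives.
    # Setting that one bit from an engineering station bypasses every interlock.
    {"comment": "Maintenance override",
     "logic": [[["START_PB", "/STOP_PB", "/TANK_LOW", "/DOOR_OPEN"], ["MAINT_BIT"]]],
     "coil": "DOSE_PUMP"},
]


def contacts(logic):
    """Yield every contact ("TAG" or "/TAG") in a rung, at any nesting depth."""
    for el in logic:
        if isinstance(el, str):
            yield el
        else:
            for branch in el:
                yield from contacts(branch)


def audit(program, io_tags, required_interlocks):
    """Return human-readable findings. These are review prompts, not proof:
    an HMI-written bit also looks 'floating', and some shops use duplicate
    coils deliberately, so each finding needs an engineer's sign-off."""
    findings = []
    driven_by = {}
    for index, rung in enumerate(program):
        driven_by.setdefault(rung["coil"], []).append(index)

    for coil, rungs in driven_by.items():
        if len(rungs) > 1:
            findings.append(f"duplicate coil {coil} written by rungs {rungs}; "
                            f"the later rung silently overrides the earlier one")

    for index, rung in enumerate(program):
        for contact in contacts(rung["logic"]):
            tag = contact.lstrip("/")
            if tag not in io_tags and tag not in driven_by:
                findings.append(f"rung {index}: tag {tag} is neither an input nor written "
                                f"by any rung; only an online write can set it (backdoor candidate)")
        series_contacts = {el for el in rung["logic"] if isinstance(el, str)}
        missing = required_interlocks.get(rung["coil"], set()) - series_contacts
        if missing:
            findings.append(f"rung {index}: interlock(s) {sorted(missing)} are not in the "
                            f"series path of {rung['coil']} and can be bypassed")
    return findings


if __name__ == "__main__":
    for finding in audit(PROGRAM, IO_TAGS, REQUIRED_INTERLOCKS):
        print("FINDING:", finding)
```

Three things give the planted rung away, and each is cheap to check mechanically: the same coil is written twice, a contact references a tag that nothing in the program or the I/O map drives, and the safety interlocks have moved from the series path into one branch of a parallel group. Real projects would read the rungs from the vendor's project export rather than a Python literal, but the checks themselves do not change.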

The point about code verification and validation is a serious one as well. For ordinary software development on non-PLC platforms, we have a very mature set of tools that help us program securely, for languages such as:

  • Python
  • JavaScript/Typescript
  • C#
  • C/C++

These range from checks inside the IDE to external tools: static analysis of the source code and dynamic testing of the running application. Nothing comparable is established for ladder logic. I predict that this will change rapidly in the coming years; for now, though, we have to rely on the skill set of the PLC programmer.

Mitigating the security risks related to ladder programming of PLCs requires a combination of technical controls, best practices, and organizational policies. IEC 62443, the security standard for operational technology, can help with the development of controls and policies, especially the IEC 62443-3 series (system-level requirements) and the IEC 62443-4 series (secure development lifecycle and component requirements). There are multiple documents underneath each of the 3 and 4 series. For now, here are some recommendations:

  • Access Control & Authentication
    • Prevents unauthorized personnel from accessing or modifying ladder logic.
  • Code Management & Version Control
    • Helps detect unauthorized changes and maintain accountability for code updates.
  • Secure Communications
    • Prevents attackers from intercepting or injecting malicious logic over the network.
  • Patch Management & Firmware Updates
    • Addresses known vulnerabilities that attackers can exploit.
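The code-management point is the one that can be automated with the least effort, so here is an added example (not code from the article or from any vendor tool) of rung-level change detection for a ladder program kept under version control. The rung notation, the baseline and read-back programs, the tag names and the key are all constructed for the illustration.

```python
# Added example: change detection for a ladder program kept under version
# control. The approved program and its fingerprint manifest are the baseline;
# the program read back from the controller is compared against it rung by
# rung. Rung notation and the programs below are constructed for illustration;
# the signing key would live with the reviewers, not on the engineering station.
import hashlib
import hmac
import json
from difflib import SequenceMatcher

BASELINE = [
    {"comment": "Dosing pump start/stop with interlocks",
     "logic": [[["START_PB"], ["DOSE_PUMP"]], "/STOP_PB", "/TANK_LOW", "/DOOR_OPEN"],
     "coil": "DOSE_PUMP"},
    {"comment": "Low level alarm", "logic": ["TANK_LOW"], "coil": "LOW_ALARM"},
]

# What an unauthorised edit might leave behind: an interlock dropped from
# rung 0 (comment untouched) and a new rung appended at the end.
READ_BACK = [
    {"comment": "Dosing pump start/stop with interlocks",
     "logic": [[["START_PB"], ["DOSE_PUMP"]], "/STOP_PB", "/TANK_LOW"],
     "coil": "DOSE_PUMP"},
    {"comment": "Low level alarm", "logic": ["TANK_LOW"], "coil": "LOW_ALARM"},
    {"comment": "Maintenance override", "logic": ["MAINT_BIT"], "coil": "DOSE_PUMP"},
]


def rung_fingerprint(rung):
    """SHA-256 over the rung's logic and coil in canonical JSON. Comments are
    left out on purpose: re-wording a comment is not a logic change."""
    canonical = json.dumps({"logic": rung["logic"], "coil": rung["coil"]},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def manifest(program):
    return [rung_fingerprint(rung) for rung in program]


def sign_manifest(fingerprints, key):
    """Bind the manifest to a key so that an attacker who can edit the project
    file cannot also quietly rewrite the baseline it is checked against."""
    body = json.dumps(fingerprints).encode()
    return {"rungs": fingerprints, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_manifest(signed, key):
    body = json.dumps(signed["rungs"]).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(signed["mac"], expected)


def diff_programs(baseline, current):
    """Rung-level differences as (change, index, coil) tuples, found by
    aligning the two fingerprint lists so an inserted rung does not make
    every rung after it look modified."""
    matcher = SequenceMatcher(a=manifest(baseline), b=manifest(current), autojunk=False)
    changes = []
    for op, i1, i2, j1, j2 in matcher.get_opcodes():
        if op == "equal":
            continue
        if op == "replace" and (i2 - i1) == (j2 - j1):
            changes += [("modified", j, current[j]["coil"]) for j in range(j1, j2)]
            continue
        if op in ("replace", "delete"):
            changes += [("removed", i, baseline[i]["coil"]) for i in range(i1, i2)]
        if op in ("replace", "insert"):
            changes += [("added", j, current[j]["coil"]) for j in range(j1, j2)]
    return changes


def check_controller(signed_baseline, baseline, current, key):
    """The check a periodic job would run: refuse to trust a tampered manifest,
    confirm the baseline still matches it, then report drift on the controller."""
    if not verify_manifest(signed_baseline, key):
        raise ValueError("baseline manifest failed MAC check")
    if manifest(baseline) != signed_baseline["rungs"]:
        raise ValueError("baseline program does not match its signed manifest")
    return diff_programs(baseline, current)


if __name__ == "__main__":
    key = b"reviewer-held-key (constructed for the example)"
    signed = sign_manifest(manifest(BASELINE), key)
    for change in check_controller(signed, BASELINE, READ_BACK, key):
        print(change)
```

Two design choices matter here. Fingerprints cover logic and coil but not comments, so a reworded comment does not drown real findings in noise, while a dropped interlock in an otherwise identical rung is still reported as modified. And the manifest carries a MAC under a key the engineering station does not hold, because an attacker who can change the project on the PLC can usually also change a plain hash list sitting next to it.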

That last point will be difficult to implement, especially in OT infrastructure that is more than 10 years old. It is only in recent years that OT vendors have begun maintaining the firmware that PLCs are based on. This will improve when the EU Cyber Resilience Act takes effect; its main obligations apply from 2027.

If the references to IEC 62443 were unknown to you, I can reveal that a series of articles on this standard and its various sections will appear on this site during the summer, so stay tuned!
