Fear the Hacker—Protect Your PLC from Cyberattacks

Industry Fights Back: Protect Your PLC from Cyberattacks

Oct. 10, 2017
EU Automation explains how manufacturers can use programmable logic controllers and still reduce the risks of cyberattacks like Stuxnet, one of the worst in industrial history.

The Stuxnet worm first infected Windows computers at the Iranian Bushehr nuclear power plant when it gained access to the computers by USB. A USB is considered vulnerable to an onsite hacker attack—in this case, use of a USB stick meant that the worm could spread across computers and networks that were not connected to the internet.

The next victim of the Stuxnet worm was the programmable logic controller (PLC) at a plant to control automated processes on the factory floor. It is not clear who wrote Stuxnet and why, but it has made industries more aware of how a factory can be vulnerable if its computers are not protected.

A PLC is an automated decision-making tool that monitors the state of connected devices and makes decisions to streamline processes.

Technological advances prompted by the Internet of Things (IoT) allow manufacturers to streamline and monitor processes by connecting devices to oversee production in real time. A case in point is the PLC, which is an automated decision-making tool that monitors the state of connected devices and makes decisions to streamline processes. PLCs have now begun offering remote access for ease of maintenance and more flexibility to control other devices.

When fully protected, devices such as a PLC, whether on or offline, can optimize a number of processes on the factory floor. To monitor and control processes, PLCs must be connected to the internet. However, this exposes the technology to cyberattacks. When installing these devices, manufacturers must choose the correct supplier that prioritizes security in not just the device, but also in its programming tools. The following is a list of guidelines for users of PLC systems as they become connected to the internet.

Cybersecurity

With more devices connecting to the internet, cybersecurity must become a priority to manufacturers. The best way to mitigate the risk of a cyberattack is to prevent any device in the factory from connecting to the outside world. However, this is impossible if manufacturers use devices that require access to the internet to monitor in real-time.

To protect PLCs and other connected devices in the factory, manufacturers must consider the measures that they can take both physically and online. This includes firewalls and creating closed networks where devices are only accessible from the factory-floor network.

Enclosures

PLCs are primarily vulnerable to internal hacking as malware can be introduced to a port using a USB. Manufacturers can limit the access to the Ethernet ports on PLCs and the devices that connect to it by enclosing the equipment. Any device with an Ethernet port that can gain access to the PLC must be locked in an enclosure to restrict the opportunity to tamper with the device. Only authorized workers will have access to the machine and be allowed to use USB sticks with the PLC.

Protection

Just like PCs at home, there is software that will protect a PLC to a certain extent. Installing antivirus software protects the PLC and prevents malware from spreading. However, having antivirus software installed isn’t enough. Hackers constantly develop techniques to introduce malware to computers or PLCs once they see that a previous method is blocked. Manufacturers must regularly update their antivirus software to ensure that hackers cannot find a new path to the PLC.

Advances in hardware and connectivity will allow PLCs to carry out more tasks, such as remote and real-time monitoring.

Accounts

Manufacturers can also reduce the risk of cyberattacks by limiting who can access PCs or devices that connect to the PLC. Several workers may need access to a PLC for different reasons to monitor or control processes on the factory floor. Creating multiple accounts allows the plant or IT manager to control each worker’s access and track their actions. Each person that requires access must be given a personal account with different levels of access, depending on their needs. Manufacturers must also allocate strong passwords to each account to prevent anyone from accessing an account that they should not.

The Future

PLCs have changed a lot in the past 50 years, and will no doubt become faster, smaller, and more efficient as time rolls on. Advances in hardware and connectivity will allow PLCs to carry out more tasks, such as remote and real-time monitoring. Manufacturers will have further opportunities to automate the factory floor with technologies such as PLCs. However, strong cybersecurity is important in order to protect the factory floor. Preventative measures help ensure that factories are cyber-safe no matter what hits them, just in case the Stuxnet worm reappears.

Jonathan Wilkins is marketing director for EU Automation. EU Automation is an obsolete industrial parts supplier and focuses on how manufacturers can use legacy programmable logic controllers in industry.

About the Author

Jonathan Wilkins | Marketing Director

Jonathan Wilkins is marketing director at EU Automation.

Sponsored Recommendations

How to Build Better Robotics with Integrated Actuators

July 17, 2024
Reese Abouelnasr, a Mechatronics Engineer with Harmonic Drive, answers a few questions about the latest developments in actuators and the design or engineering challenges these...

Crisis averted: How our AI-powered services helped prevent a factory fire

July 10, 2024
Discover how Schneider Electric's services helped a food and beverage manufacturer avoid a factory fire with AI-powered analytics.

Pumps Push the Boundaries of Low Temperature Technology

June 14, 2024
As an integral part of cryotechnology, KNF pumps facilitate scientific advances in cryostats, allowing them to push temperature boundaries and approach absolute zero.

The entire spectrum of drive technology

June 5, 2024
Read exciting stories about all aspects of maxon drive technology in our magazine.

Voice your opinion!

To join the conversation, and become an exclusive member of Machine Design, create an account today!