John Young, APAC sales director at industrial equipment provider EU Automation, gives his advice for keeping your programmable logic controllers safe from cyber-attack.
Programmable logic controllers (PLCs) function at the heart of an industrial control system, managing and controlling various steps in the manufacturing process. As technologies levied by the Internet of Things have improved connectivity, manufacturers can remotely access their PLCs for more flexible maintenance and real-time monitoring.
Connectivity may be one the PLC’s greatest strengths, but it is also its silver bullet. When Dick Morley invented the humble PLC in 1968, the internet didn’t exist. Today, for the PLC to perform its monitoring and control processes, connection is essential. At the same time, it is this connectivity that exposes it to cyber-attacks.
The Great PLC Hack
Every step forward in the development of the PLC is matched by an advancement in the sophistication of cyber-attacks. The Stuxnet worm was first uncovered in 2010 and is believed to be responsible for causing substantial damage to Iran’s nuclear programme by gaining access to computers through a USB. When the Stuxnet worm infects a computer, it finds out whether it is connected to a specific model of PLC. The worm then alters the PLC’s programming and therefore impacts the processes in a plant. Because the PLC is communicating that everything is working as it should, it is difficult for the control system or an employee to detect what’s going wrong until it’s too late.
As connectivity increases, cybersecurity must become a top priority. A robust security strategy begins with people. Manufacturers can also reduce the risk of cyber-attack by limiting the number of people that access connected devices. Several workers may need to access a PLC to monitor and control various processes on the factory floor. By creating individual accounts that only give the level of access that is necessary to each worker, managers can easily track and monitor their staff’s actions while preventing people from accessing data that they are not trained to handle.
PLCs have very long lifespans. Running an average of 20 years, many in use today have been in operation since a time when cyber security was less of a pressing priority. At the same time, upgrading to the latest PLC on the market can be a major investment, which isn’t always viable for smaller businesses.
Manufacturers are constantly stepping up their cyber-security game, but so are cyber-criminals. The Morris worm highlighted security flaws across internet-connected computer systems with disastrous consequences. To limit damage to their plant, manufacturers should prioritize security, one PLC at a time.
CHECK OUT OUR LATEST ISSUE!
WANT MORE INDUSTRY INSIGHTS? SUBSCRIBE TO IAA NOW!