Protect your PLCs from cyber threats
As technology has developed, so too have the dangers associated with being constantly connected, with programmable logic controllers (PLCs) under constant threat from cyber attacks.
PLCs are the main component of industrial control systems, managing and controlling steps in manufacturing processes. They were invented in 1968 by Dick Morley, when the internet did not exist. Today, connectivity allows for remote access to PLCs, but it also exposes the system to cyber attacks.
Cyber threats are not a new phenomenon. On 2 November 1988 when Robert Morris created a new type of worm. One of the first worms to be distributed by the internet, computers were disabled by the stress of unnecessary processing. The worm highlighted security flaws across internet-connected systems.
Since then, cyber threats have become more refined, endangering the smooth running of computer systems and connected equipment.
EU Automation APAC sales director John Young has shared his advice on keeping PLCs safe from attack, pointing out that for every step forward in the development of the PLC , there is similar advancement in the sophistication of cyber attacks.
In 2010, the Stuxnet worm was first uncovered and cited as being responsible for causing substantial damage to Iran’s nuclear program after it gained access to computers through a USB port. The malware quickly spread through internet connected devices. The worm worked by altering the PLC’s programming, thus impacting on ongoing processes. However, because the PLC communicates that everything is working as it should it is difficult to detect a problem until it is too late.
Stuxnet reportedly ruined 20% of Iran’s nuclear centrifuges.
John says that as connectivity increases, cyber security has to become top priority and that security strategies start with people, stressing that a ‘need to know’ policy should be in place and staff knowledge was key to building a security framework.
He adds that management can reduce the risk of cyber attack by limiting the number of people accessing connected devices. While several workers may require access to PLCs, the creation of individual accounts means that levels of access could be assigned and staff’s actions could be monitored.
Most PLCs have an average lifespan of about 20 years meaning that many current ones have been in operation since before cyber security became a big issue. Upgrading can be a major investment, and not always a viable option for smaller businesses so John recommends that they partner with reliable industrial parts suppliers to ensure they can purchase the best PLC for the job.