Applying security to PLCs
IT students suggest ways PLCs could be made more secure.
Dear Control Engineering: After watching the video with the DePaul University cyber security students, I was wondering what kind of PLC they used in the class? Is there any more detail on what they found with the security measures?
We normally don’t like to offer advice to would-be hackers, but here is a little more information that did not make it into the video due to the time constraints.
The PLC that the class used was an Allen-Bradley MicroLogix 1100. That particular unit was chosen primarily for its wide deployment, and the fact that it is typical of many of its type. Matt Luallen expects to expand the offering in future sessions, and is already adding a similar unit from Siemens.
A line of questions that ended up on the digital cutting room floor had to do with what the students would suggest to A-B as ways to beef up the security capabilities. Some ideas included:
• Stop using HTTP for the Web GUI, and switch to SSL. They agreed this would be a major step.
• Allow the user to change the administrator name.
• Add requirements for authentication. As it is, one noted that there are big chunks of programming that they can get to without any authentication.
• There’s little protection against sending manipulated data.
Their consensus was that these security features are used in virtually every other field of IT, but not here. Food for thought for the manufacturing community.
Peter Welander, pwelander(at)cfemedia.com
Case Study Database
Get more exposure for your case study by uploading it to the Plant Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.
These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.
Click here to visit the Case Study Database and upload your case study.
2012 Salary Survey
In a year when manufacturing continued to lead the economic rebound, it makes sense that plant manager bonuses rebounded. Plant Engineering’s annual Salary Survey shows both wages and bonuses rose in 2012 after a retreat the year before.
Average salary across all job titles for plant floor management rose 3.5% to $95,446, and bonus compensation jumped to $15,162, a 4.2% increase from the 2010 level and double the 2011 total, which showed a sharp drop in bonus.