Applying security to PLCs

IT students suggest ways PLCs could be made more secure.

07/03/2011


Dear Control Engineering: After watching the video with the DePaul University cyber security students, I was wondering what kind of PLC they used in the class? Is there any more detail on what they found with the security measures?

We normally don’t like to offer advice to would-be hackers, but here is a little more information that did not make it into the video due to the time constraints.

The PLC that the class used was an Allen-Bradley MicroLogix 1100. That particular unit was chosen primarily for its wide deployment, and the fact that it is typical of many of its type. Matt Luallen expects to expand the offering in future sessions, and is already adding a similar unit from Siemens.

A line of questions that ended up on the digital cutting room floor had to do with what the students would suggest to A-B as ways to beef up the security capabilities. Some ideas included:

• Stop using HTTP for the Web GUI, and switch to SSL. They agreed this would be a major step.

• Allow the user to change the administrator name.

• Add requirements for authentication. As it is, one noted that there are big chunks of programming that they can get to without any authentication.

• There’s little protection against sending manipulated data.

Their consensus was that these security features are used in virtually every other field of IT, but not here. Food for thought for the manufacturing community.

Peter Welander, pwelander@cfemedia.com



No comments
The Top Plant program honors outstanding manufacturing facilities in North America. View the 2015 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
World-class maintenance: The three keys to success - Deploy people, process and technology; 2016 Lubrication Guide; Why hydraulic systems get hot
Your leaks start here: Take a disciplined approach with your hydraulic system; U.S. presence at Hannover Messe a rousing success
Hannover Messe 2016: Taking hold of the future - Partner Country status spotlights U.S. manufacturing; Honoring manufacturing excellence: The 2015 Product of the Year Winners
The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
Getting to the bottom of subsea repairs: Older pipelines need more attention, and operators need a repair strategy; OTC preview; Offshore production difficult - and crucial
Digital oilfields: Integrated HMI/SCADA systems enable smarter data acquisition; Real-world impact of simulation; Electric actuator technology prospers in production fields
Improving flowmeter calibration; Selecting flowmeters for natural gas; Case study: Streamlining assembly systems using PC-based control; CLPM: Improving process efficiency, throughput
Putting COPS into context; Designing medium-voltage electrical systems; Planning and designing resilient, efficient data centers; The nine steps of designing generator fuel systems
Warehouse winter comfort: The HTHV solution; Cooling with natural gas; Plastics industry booming

Annual Salary Survey

Before the calendar turned, 2016 already had the makings of a pivotal year for manufacturing, and for the world.

There were the big events for the year, including the United States as Partner Country at Hannover Messe in April and the 2016 International Manufacturing Technology Show in Chicago in September. There's also the matter of the U.S. presidential elections in November, which promise to shape policy in manufacturing for years to come.

But the year started with global economic turmoil, as a slowdown in Chinese manufacturing triggered a worldwide stock hiccup that sent values plummeting. The continued plunge in world oil prices has resulted in a slowdown in exploration and, by extension, the manufacture of exploration equipment.

Read more: 2015 Salary Survey

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.
This article collection contains several articles on the vital role that compressed air plays in manufacturing plants.
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.
This article collection contains several articles on strategic maintenance and understanding all the parts of your plant.
click me