Designing Actively Secure, Highly Available Industrial Automation Applications

01/06/2021
by   Awais Tanveer, et al.
0

Programmable Logic Controllers (PLCs) execute critical control software that drives Industrial Automation and Control Systems (IACS). PLCs can become easy targets for cyber-adversaries as they are resource-constrained and are usually built using legacy, less-capable security measures. Security attacks can significantly affect system availability, which is an essential requirement for IACS. We propose a method to make PLC applications more security-aware. Based on the well-known IEC 61499 function blocks standard for developing IACS software, our method allows designers to annotate critical parts of an application during design time. On deployment, these parts of the application are automatically secured using appropriate security mechanisms to detect and prevent attacks. We present a summary of availability attacks on distributed IACS applications that can be mitigated by our proposed method. Security mechanisms are achieved using IEC 61499 Service-Interface Function Blocks (SIFBs) embedding Intrusion Detection and Prevention System (IDPS), added to the application at compile time. This method is more amenable to providing active security protection from attacks on previously unknown (zero-day) vulnerabilities. We test our solution on an IEC 61499 application executing on Wago PFC200 PLCs. Experiments show that we can successfully log and prevent attacks at the application level as well as help the application to gracefully degrade into safe mode, subsequently improving availability.

READ FULL TEXT
research
04/19/2021

On Design-time Security in IEC 61499 Systems: Conceptualisation, Implementation, and Feasibility

Cyber-attacks on Industrial Automation and Control Systems (IACS) are ri...
research
07/24/2021

Secure Links: Secure-by-Design Communications in IEC 61499 Industrial Control Applications

Increasing automation and external connectivity in industrial control sy...
research
01/16/2018

Considerations regarding security issues impact on systems availability

Control systems behavior can be analyzed taking into account a large num...
research
06/27/2020

Software Enabled Security Architecture for Counteracting Attacks in Control Systems

Increasingly Industrial Control Systems (ICS) systems are being connecte...
research
12/15/2017

Side-channel based intrusion detection for industrial control systems

Industrial Control Systems are under increased scrutiny. Their security ...
research
05/23/2018

On the Formal Model for IEC 61499 Composite Function Blocks

The applications for IEC 61499 that is standard architecture for develop...
research
12/29/2022

Towards Comprehensively Understanding the Run-time Security of Programmable Logic Controllers: A 3-year Empirical Study

Programmable Logic Controllers (PLCs) are the core control devices in In...

Please sign up or login with your details

Forgot password? Click here to reset