Abstract
Adversaries may target alerting alarms raised by PLCs (Programmable Logic Controllers) to prevent operators from being notified of critical conditions, to hide faults, to disrupt operations, to cause damage to ICS (Industrial Control Systems) and the surrounding environment, or to cause financial loss. The paper focuses on exposing vulnerabilities in the ladder logic code that handles the alerting alarm messages and on how to mitigate them. A real-time test bed of PLC alarms code was developed and used to conduct several stealthy attack techniques that suppress or hinder alarms by exploiting code vulnerabilities. A novel ladder logic solution consisting of countermeasures against the introduced attacks was proposed, demonstrated, and tested. The countermeasure techniques, such as scan time and heartbeat techniques, were able to detect and prevent the code vulnerabilities and other abnormalities. The countermeasure techniques provided in this experiment could be applied to any PLC to enhance the validity and security of its PLC alarms code.
Article Highlights
Four stealthy attack models were introduced to exploit PLC alarms code. They were embedded to skip, delete, fake out, or delay alerting alarms.
Real-time countermeasure solutions with different techniques were introduced: scan time code, heartbeat code, and physical plausibility check. They effectively detected and prevented the introduced attack models.
General abnormalities in PLC alarms code were validated and detected using scan time techniques.
A list of general best code practices for PLC alarms code was introduced to mitigate code vulnerabilities.
Publisher
Springer Science and Business Media LLC
Subject
General Earth and Planetary Sciences, General Physics and Astronomy, General Engineering, General Environmental Science, General Materials Science, General Chemical Engineering
Cited by
1 articles.