New Top 20 Secure-Coding List Positions PLCs as Plant Bodyguards

  /     /     /  
Publicated : 23/11/2024   Category : security


New Top 20 Secure-Coding List Positions PLCs as Plant Bodyguards


Best practices guide encompasses integrity, hardening, resilience, and monitoring of PLCs in industrial networks.



Programmable logic controllers (PLCs) traditionally have been considered inherently insecure. But a new security initiative that outlines 20 best practices for coding the industrial computing device aims to reimagine the PLC as the last line of cyber defense in an industrial process.
A group of cybersecurity experts and automation engineers has created an open source guide with 20 recommendations for configuring PLCs for resilience in case of a security incident or misconfiguration on the industrial network. The so-called PLC Security Top 20 List — hosted by the ISA (International Society of Automation) Global Cybersecurity Alliance — will be officially released tomorrow, June 15, for automation engineers to use when programming PLCs to perform physical processes, such as controlling the temperature of fluids and opening and closing valves or gates in a plant or facility.
The hope is that PLC vendors ultimately will incorporate or provide templates with their products to help customers employ the best practices when programming their devices.
Sarah Fluchs, CTO at German OT security firm Admeritia and one of the lead authors of the new PLC Security Top 20 List, says two basic PLC characteristics actually can be employed to securely code the devices: their ability to control a physical process such as opening or closing a gate, and that they are by design deterministic.
The PLC can be the last line of defense, the last man standing before you have physical impact from an attack, Fluchs explains. You can bring the basic characteristics ... their strength in knowing the process and knowing how the process works, such as how long holding open a gate is normal and how long is not, she says.
Its not that the PLC can actually prevent a cyberattack, but it can minimize the impact of one on a plants physical process, she says. Its process-monitoring features can be tapped for resiliency and security to flag potentially malicious or unusual behavior: This device contains a lot of knowledge about whats OK to happen and whats not. That knowledge is something we can use.
PLC programming differs from software programming in that its not written in a software programming language and its more about cycles and small tasks. Everything in PLCs is about cycles; you write small tasks that are completed in a short amount of time ... comparing input data with storage-trend data and making quick decisions about what to do, explains Reid Wightman, a vulnerability researcher at OT security firm Dragos. Regular software [programming] is transactional: Im going to make a requirement and you give me a response.
The PLC Security Top 20 Lists approach is analogous to application security coding best-practices such as Microsofts Secure Development Lifecycle (SDL), or OWASPs Secure Coding Practices, but specific to the PLCs existing capabilities. It uses the devices real-time operations and their narrow and specific tasks as security and resiliency as superpowers of sorts. We tried to turn PLCs, often regarded as the Achilles heel of automated plants, into the plants distributed and unrelenting bodyguards, one in front of each (back) door, the lists co-authors wrote in the document, which
goes live tomorrow
.
Secure coding practices in the new Top 20 list are grouped by security objectives, which encompass integrity (of PLC logic, timers and counters, and I/O values); hardening the attack surface; resilience; and monitoring specific values in the PLC that could indicate security issues.
Among the best practices included in the list are obvious ones like splitting PLC code into modules you can more easily test, as well as keeping the PLC in RUN mode and ensuring an alarm sounds if that changes, indicating the PLC is not processing input/output data, and using PLC error flags for integrity-checks. It also calls for using cryptographic hashes or checksums to test for any issues with the PLC code integrity, disabling unneeded ports and protocols, logging PLC uptime and hard stops on the HMI, monitoring PLC memory usages and displaying it on the HMI, and capturing critical alerts.
The list is meant to evolve and grow, and the initial Top 20 is considered a Version 1.0 document open to comments and ongoing input. Its absolutely something that needs to mature, Fluchs says.
Properly Programmed PLCs
Until recently, PLCs mostly were not connected to anything outside their industrial control systems or other PLCs. Digitization, of course, has changed all of that, as the once sacred line between IT and OT networks has become blurrier.
Most PLC security research to date has focused on ways to hack into PLCs or rig them with malware to alter the industrial process or compromise the devices ladder logic (basically, the programming language used to code PLCs). Researchers have built
rootkits
and
worms
for PLCs, and most recently, found
holes in next-generation security features
, such as Siemens memory protection in some of its SIMATIC PLCs.
But most real-world attacks affecting industrial organizations thankfully havent touched the PLC: Theyve been
opportunistic
IT-type threats, most recently cybercrime-driven ransomware that has disrupted their IT networks, and in cases like Colonial Pipeline, resulted in the company shutting down its OT networks as a precaution and temporarily causing a gas shortage scare in parts of the US.
The recent breach of the water plant in the city of Oldsmar, Fla., however, demonstrated the potential dangers of a cyberattack that could lead to a physical outcome: In that case, poisoned drinking water. An intruder appeared to somehow have
obtained system credentials
to remotely control the settings via the TeamViewer application, and raised the sodium hydroxide, or lye, level to a dangerous amount. While an observant operator noticed the change and the plant had other digital guardrails in place that would have stopped contamination of the water system, it could have gone dangerously wrong in other scenarios.
A properly programmed PLC, notes Dale Peterson, CEO of Digital Bond, would thwart such a rogue setting. It would generate an alarm that, hey, this was trying to set something outside the [proper] range.
Peterson says the Top 20 list really is more about preventing misconfigurations from causing a physical event because operator and technician errors account for the majority of cyber-borne outages in industrial systems.
If youve got a dedicated attacker going at you, this is not going to save you, notes Peterson. But this [list] is going to stop a lot of mistakes causing outages and incidents. ... Its biggest benefit is preventing a process from getting into a bad state.
The recommendation for monitoring PLC memory, for example, could flag any unusual activity since the PLC tends to use memory at a consistent level over time. If you see a spike all of a sudden in memory usage and [get] alarming on that, its very useful, he notes.
That feature actually currently available for some PLCs. The PLC Top 20 list cites Rockwell Allen-Bradleys RSLogix 5000 Task Monitor Tool, which includes a feature to set memory baseline usage of its PLCs and to track any trends.
The top 20 list consists of:
Modularize PLC Code
Monitor operating modes
Leave operational logic in the PLC wherever feasible
Use PLC flags as integrity checks
Use cryptographic and / or checksum integrity checks for PLC code
Validate timers and counters
Validate and alert for paired inputs / outputs
Validate HMI input variables at the PLC level, not only at HMI
Validate indirections
Assign designated register blocks by function (read/write/validate)
Instrument for plausibility checks
Validate inputs based on physical plausibility
Disable unneeded / unused communication ports and protocols
Restrict third-party data interfaces
Define a safe process state in case of a PLC restart
Summarize PLC cycle times and trend them on the HMI
Log PLC uptime and trend it on the HMI
Log PLC hard stops and trend them on the HMI
Monitor PLC memory usage and trend it on the HMI
Trap false negatives and positives for critical alerts

Last News

▸ Veritabile Defecte de Proiectare a Securitatii in Software -> Top 10 Software Security Design Flaws ◂
Discovered: 23/12/2024
Category: security

▸ Sony, XBox Targeted by DDoS Attacks, Hacktivist Threats ◂
Discovered: 23/12/2024
Category: security

▸ There are plenty of online tools for reporting bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
New Top 20 Secure-Coding List Positions PLCs as Plant Bodyguards