Cybersecurity Concept Image 3 63851dfeca4ff

Cope with change—protect PLCs

Dec. 1, 2022
Cybersecurity week 2022—day 4: Huffman Engineering advises following real-life and IT examples

Beyond simply multiplying, cyber-probes, -intrusions and -attacks are growing more sophisticated, and requiring users to protect entire systems instead of single access points.

“Cyber-criminals used to focus on taking control of a PLC, but now we’re seeing them attempt to gain access to the entire network through PLCs. That kind of access can be absolutely debilitating to a plant or public utility,” says Keith Mandachit, PE, engineering manager at Huffman Engineering Inc., a CSIA-certified system integrator in Lincoln, Neb. “These hackers are attempting to exploit the network through the engineering workstations, and any disparity between your IT and OT operations can open a window of opportunity for an attack we’ve seen called ‘Evil PLC attack.1’ ”

To handle the everchanging risk posed by cyber-threats, Mandachit reports that users must constantly and consistently educate and communicate among their staffs, contractors and clients. “Looking outside of your organization to learn of real-life examples and passing that knowledge onto you own stakeholders is imperative. The stakes are high as these attacks grow more sophisticated, so it’s not just about controlling your own internal processes anymore,” he explains. “Limiting access points is key to defending against attackers weaponizing PLCs. This includes managing the risk of allowing a third party’s external team to connect a laptop to your network and systems."

Mandachit reports that cybersecurity mitigation strategies should include:

  • Conduct a cybersecurity risk assessment (RA) and asset inventory to determine risk tolerance and budgetary plan;
  • Communicate with all stakeholders, such as operators, IT, automation engineers and management;
  • Limit access to PLCs with policies and procedures that control access, and allow only approved and vetted personnel access to applicable systems;
  • Monitor network traffic and analyzing it for unusual events, such as uploading and downloading PLCs with automated notifications;
  • Segment networks to reduce the risk of an attack infecting overall networks; and
  • Stay current with patches and other software updates.

“Reputable system integrators will regularly monitor and communicate updates with customers,” adds Mandachit. “These strategies used in conjunction can provide a unified front across your organization to help combat attacks.”

Converge and coordinate 

Just as cooperation between OT and IT can aid all kinds of digitalization, it’s also one of the most crucial ways to achieve cybersecurity.

“It’s always a challenge to get the IT and OT departments to work together. Both have important initiatives to accomplish but finding an effective balance for the entire organization can be difficult,” says Mandrachit. “Vulnerabilities can be exposed when the IT and OT departments can’t find the middle ground between security risk and production. If OT won’t budge on allowing the latest security updates, that exposes them to the risk of the newest cyber-attacks. If IT doesn’t recognize the importance of a continuous schedule, production goals can’t be met. These two have to find a middle ground, and often a certified control system integrator, who understands the importance of both areas when it comes to cybersecurity, can stand in the gap and help bring them together.”

About the Author

Jim Montague | Executive Editor

Jim Montague is executive editor of Control. 

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.