99 research outputs found

    PLC Code Vulnerabilities and Attacks: Detection and Prevention

    Programmable Logic Controllers (PLCs) play an important role in Industrial Control Systems (ICS), production lines, public infrastructure, and critical facilities. A compromised PLC would lead to devastating consequences that risk workplace safety, humans, environment, and associated systems. Because of their important role in ICS, more specifically PLC Based Systems (PLC-BS), PLCs have been targeted by various types of cyber-attacks. Many contributions have been dedicated to protecting ICS and exploring their vulnerabilities and threats, but little attention and progress have been made in enhancing the security of PLC code by utilizing internal PLC ladder logic code solutions. Mainly the contributions to protect and secure PLC-BS are related to external factors such as industrial networks, Supervisory Control And Data Acquisition Systems (SCADA), field devices, and servers. Focusing on those external factors would not be sufficient if adversaries gain access to a PLC since PLCs are insecure by design: they do not have built-in self-defense features that could reduce or detect abnormalities or vulnerabilities within their running routines or codes. PLCs are defenseless against code exploitations and malicious code modifications. This research work focuses on exposing the vulnerabilities of PLC ladder logic code and provides countermeasure solutions to detect and prevent related code exploitation and vulnerabilities. Several test-bed experiments, using Rockwell PLCs, were conducted to deploy real-time attack models against PLC ladder logic code and provided countermeasure solutions to detect the associated threats and prevent them. The deployed attacks were successfully detected by the provided countermeasure solutions. These countermeasure techniques are novel, real-time PLC ladder logic code solutions that can be deployed to any PLC to enhance its code defense mechanism and enable it to detect and prevent code attacks and even bad code practices.
The main novel contribution, among the provided countermeasure solutions, is the STC (Scan Time Code) technique. STC is a ladder logic code that was developed, deployed, and tested in several test-bed experiments to detect and prevent code abnormalities and threats. STC was able to detect and prevent a variety of real-time attack models against a PLC ladder logic code. STC was designed to capture and analyze the time a PLC spends in executing a specific routine or program per scan cycle to monitor any suspicious code modifications or behaviors. Any suspicious modifications or behaviors of PLC code within a particular routine would be detected by STC which in return would stop and prevent further code execution and warn operators. In addition to detecting code modifications, the STC technique was used to detect any modification of the CPU time slice scheduling. Another countermeasure technique was PLC code that was used to detect and prevent the manipulation or deterioration of particular field devices. Moreover, several countermeasure PLC code techniques were proposed to expose the vulnerabilities of PLC alarms code where adversaries could find ways to launch cyber-attacks that could suppress (disable) or silence the alarms and critical faults of associated ICS devices monitored by PLCs. Suppressed alarms would not be reported to operators or promptly detected, resulting in devastating damage. All provided countermeasure solutions in this work were successfully tested and capable of detecting, preventing, or eliminating real-time attack scenarios. The results were analyzed and proved the validity of the provided countermeasure solutions. This research work, also, provides policies, recommendations, and general countermeasures to enhance the validity and security of PLC code. All the techniques provided in this work are applicable to be implemented and deployed to any PLC at no extra cost, additional resources, or complex integration. 
The techniques enhance the security of PLCs by building more defensive layers within their respective routines which in return would reduce financial losses, improve workplace safety, and protect human lives and the environment.

    Coverage criteria for UML state chart diagram in model-based testing

    Software testing is a necessary and essential part of the software quality process and plays a major role in detecting errors in systems. To improve the effectiveness of test case generation during software testing, and with the growing adoption of UML by software developers and researchers, many studies have focused on the automation of test case generation from UML diagrams. One of these diagrams is the UML state chart diagram. These test cases are generally generated to achieve certain coverage criteria. However, combinations of multiple criteria are required to achieve better coverage. Different studies use various numbers and types of coverage criteria in their methods and approaches. This paper reviews previous studies to present the most practical coverage criteria combinations for the UML state chart diagram, including all-states, all-transitions, all-transition-pairs and all-loop-free-paths coverage. A special calculation is necessary to determine the coverage percentage of the proposed coverage criteria. This paper presents a calculation method to achieve this goal, with an example applied to a UML state chart diagram. This finding would be beneficial in the area of automatic test case generation for model-based testing and especially in the UML state chart diagram.

    Developing a distributed electronic health-record store for India

    The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India.

    Assessing Operational Situations.


    Developing process control and operation of wastewater treatment plants with data analytics: examples from industry and international treatment plants

    Instrumentation, control and automation are central for operation of municipal wastewater treatment plants. Treatment performance can be further improved and secured by processing and analyzing the collected process and equipment data. New challenges from resource efficiency, climate change and aging infrastructure increase the demand for understanding and controlling plant-wide interactions. This study aims to review what needs, barriers, incentives and opportunities Finnish wastewater treatment plants have for developing current process control and operation systems with data analytics. The study is conducted through interviews, thematic analysis and case studies of real-life applications in process industries and international utilities. Results indicate that for many utilities, additional measures for quality assurance of instruments, equipment and controllers are necessary before advanced control strategies can be applied. Readily available data could be used to improve the operational reliability of the process. 14 case studies of advanced data processing, analysis and visualization methods used in Finnish and international wastewater treatment plants as well as Finnish process industries are reviewed. Examples include process optimization and quality assurance solutions that have proven benefits in operational use. Applicability of these solutions for identified development needs is initially evaluated. Some of the examples are estimated to have direct potential for application in Finnish WWTPs. For other case studies, further piloting or research efforts to assess the feasibility and cost-benefits for WWTPs are suggested. As plant operation becomes more centralized and outsourced in the future, the need for applying data analytics is expected to increase.

    Process control and automation systems play a central role in the operation of modern wastewater treatment plants. By making better use of process and equipment data, the process can be controlled more efficiently and reliably than before. The circular economy, climate change and aging infrastructure further emphasize the need to understand and control the interactions between different sub-processes as well. This work examines the needs, barriers, incentives and opportunities for developing the control and operation of wastewater treatment plants with data analytics. The views of different stakeholders are surveyed through interviews, the results of which are processed through thematic analysis. Based on the findings, potential solutions are surveyed from applications already in use at Finnish and international treatment plants and in the process industries. The findings show that many treatment plants need significantly more comprehensive methods than at present for quality assurance of instrumentation, equipment and control before more advanced process control methods can be adopted. The dependability and reliability of operation could be improved in many ways by using process and equipment data that is already collected. The work presents a total of 14 examples of process control and quality assurance methods in use at treatment plants and in the process industries. Some of the solutions are estimated to have broad application potential as such at Finnish wastewater treatment plants. The adoption of several solutions could be advanced through piloting or further research to assess the potential benefits and costs. Demand for solutions that use already collected process and equipment data is expected to grow in the future as plant operation becomes centralized and pressures for cost and energy efficiency increase.