    On Ladder Logic Bombs in Industrial Control Systems

    In industrial control systems, devices such as Programmable Logic Controllers (PLCs) are commonly used to interact directly with sensors and actuators and to perform local automatic control. PLCs run software on two different layers: a) firmware (i.e. the OS) and b) control logic (processing sensor readings to determine control actions). In this work, we discuss ladder logic bombs (LLBs), i.e. malware written in ladder logic (or one of the other IEC 61131-3-compatible languages). Such malware would be inserted by an attacker into existing control logic on a PLC, and would either persistently change the behaviour or wait for specific trigger signals to activate malicious behaviour. For example, the LLB could replace legitimate sensor readings with manipulated values. We see the concept of LLBs as a generalization of attacks such as Stuxnet. We introduce LLBs on an abstract level, and then demonstrate several designs based on real PLC devices in our lab. In particular, we also focus on stealthy LLBs, i.e. LLBs that are hard to detect by human operators manually validating the program running on PLCs. In addition to introducing vulnerabilities on the logic layer, we also discuss countermeasures and propose two detection techniques.
    Comment: 11 pages, 14 figures, 2 tables, 1 algorith

    Open architecture control technology trends

    The PLC: a logical development

    Programmable Logic Controllers (PLCs) have been used to control industrial processes and equipment for over 40 years, with their first commercially recognised application in 1969. Since then there have been enormous changes in the design and application of PLCs, yet these developments were evolutionary rather than radical. The flexibility of the PLC does not confine it to industrial use, and it has been applied to a wide range of non-industrial control applications. This article reviews the history, development and industrial applications of the PLC.

    Integration of existing IEC 61131-3 systems in an IEC 61499 distributed solution

    The IEC 61499 standard makes it possible to model and design a new generation of control systems, bringing innovative software engineering concepts (such as abstraction, encapsulation and reuse) to the world of control engineering. Industrial adoption of the standard, however, is still at an early stage, partly because its introduction requires a programming paradigm profoundly different from the widespread IEC 61131-3. This paper presents a method for integrating the two standards that exploits the benefits of both. The proposed architecture is based on the parallel execution of both environments, which interact with each other through specific interfaces. A test implementation of the architecture is also presented to demonstrate the feasibility of the proposed solution.

    An architecture to integrate IEC 61131-3 systems in an IEC 61499 distributed solution

    The IEC 61499 standard has been developed to allow the modeling and design of distributed control systems, bringing advanced software engineering concepts (such as abstraction and encapsulation) to the world of control engineering. Introducing this standard into existing control environments poses challenges, since programs written using the widespread IEC 61131-3 programming standard cannot be executed directly in a fully IEC 61499 environment without reengineering effort. To solve this problem, this paper presents an architecture for integrating modules of the two standards, allowing the benefits of both to be exploited. The proposed architecture is based on the coexistence of control software written in the two standards. Modules written in one standard interact with specific interfaces that encapsulate the functionality and information to be exchanged with the other standard. In particular, the architecture permits the use of available run-times without modification, allows the reuse of software modules, and utilizes existing features of the standards. A methodology for integrating IEC 61131-3 modules in an IEC 61499 distributed solution based on this architecture is also developed, and it is described via a case study to prove its feasibility and benefits. Experimental results demonstrate that the proposed solution does not add substantial load or delay to the system when compared to an IEC 61131-3 based solution. By acting on the task period, it can achieve performance similar to an IEC 61499 solution.

    Simulation and Control of a Cyber-Physical System under IEC 61499 Standard

    The IEC 61499 standard provides an architecture for control systems using function blocks (FBs), languages, and semantics. These devices can be interconnected and communicate with each other. Each device contains several resources and algorithms with a communication FB at the end, which can be created, configured, and deleted without affecting other resources. A physical element can be represented by an FB that encapsulates the functionality (data/events, process, return data/events) in a single module that can be reused and combined. This work presents a simplified implementation of a modular control system using a low-cost device. In the prototyping of the application, we use 4diac to control, model and validate the implementation of the system on a programmable logic controller. It is proved that this approach can be used to model and simulate a cyber-physical system as a single element or in a networked combination. The control models provide a reusable FB design.
    We acknowledge the financial support of CIDEM, R&D unit funded by FCT – Portuguese Foundation for the Development of Science and Technology, Ministry of Science, Technology and Higher Education, under the Project UID/EMS/0615/2019, and it was supported by FCT, through INEGI and LAETA, under project UIDB/50022/2020.

    Usage of IEC 61131 and IEC 61499 standards for creating distributed control systems

    This publication deals with the application of industrial automation standards in the design of distributed control systems. Control system design involves a choice between two approaches based on the standards IEC 61131 and IEC 61499, and the question is which of the two to use for distributed control system design. The most commonly used standards are briefly listed in the introduction. This is followed by a more detailed description of the IEC 61131 and IEC 61499 standards, the future development of IEC 61499, and its use in creating distributed control systems. Existing commercial and research software tools needed to implement this standard are then listed and described. The main section deals with the methodology for comparing the application of the standards and the selection of comparison criteria. This methodology is then verified on real control systems. The final section generalizes the methodology for selecting a suitable approach, resulting in recommendations for which standard to choose when creating distributed control systems.

    Standardization in cyber-physical systems: the ARUM case

    The cyber-physical systems concept supports the realization of the Industrie 4.0 vision for the computerization of traditional industries, aiming to achieve intelligent and reconfigurable factories. Standardization plays a critical role in the industrial adoption of cyber-physical systems, namely in the integration of legacy systems and the smooth migration from existing running systems to new ones. This paper analyses some existing standards in related fields and presents the identified limitations and the efforts needed for wider acceptance of such systems by industry. Special attention is devoted to the efforts to develop a standard-compliant service-oriented multi-agent system solution within the ARUM project.