Minding the gaps to protect industrial PLCs from cyber threats

Charl Ueckermann.

Times have changed dramatically since the first programmable logic controllers (PLCs) found their way onto factory floors to control and automate manufacturing and industrial processes. One of the biggest changes is the advent of the internet, which shifted the available communication technologies from Profibus, a protocol that connects PLCs directly to the machinery they control, to Profinet, an Ethernet-based industrial communication system that provides faster real-time communication and can interconnect network devices with the internet.

PLCs were designed to control machinery and specific processes and were never built with cybersecurity threats in mind; protecting them against these threats requires healthy isolation from the World Wide Web.

With the change in how industrial machines communicate within a network came new risks: systems that were isolated in the past are now visible on the internet. Operational technology (OT) networks have traditionally been designed and configured in a flat, unsegmented layout in which all OT devices sit on the same network. If an IT network is infected with malware, the manufacturing operation’s OT network is exposed to the same malware. OT networks should therefore be isolated from IT networks in the fundamental planning of an organisation’s OT infrastructure.

This is where air-gapping comes in. Air-gapping is part of the actual set-up of a network where a secure network is physically separated from an unsecured one. Clear separation between critical and non-critical systems can limit the impact of a breach and makes it possible to apply appropriate security controls. For example, non-critical systems can have access to view information on critical systems, but not necessarily make changes.

Air-gapping within OT networks, where you isolate your PLC environment from the rest of your systems, is the modern way of achieving this separation. When done effectively, air-gapping still allows interplay between systems, but with healthy boundaries that keep your PLC environment safe from the types of cyber threats that afflict IT. For instance, industrial control systems, including those that many PLCs integrate with, run Microsoft Windows, which exposes the PLC system to the same risks as PCs. Yet traditional software security tools are not effective enough at protecting PLCs.

In a water plant, if a compromised PLC goes haywire, water quality can be affected and, as a result, thousands of lives. In Iran, the Stuxnet malware made a small modification to a PLC environment and forced a complete shutdown of a uranium enrichment plant. By implementing an effective PLC security strategy, which includes air-gapping in the correct areas, identity and access management, and asset discovery, you can mitigate these risks and avoid setbacks and costly downtime.

In the old days, companies ran production on proprietary protocols. Those were well-networked protocols, isolated from IT-based cyber environments. To create efficiencies, do better just-in-time manufacturing, eliminate waste, reduce working capital and provide instant information, it became necessary to connect PLCs via Ethernet, which means there is now a high level of connectivity between cyber systems and PLCs.

The problem lies in the way communication channels have been opened up between OT networks, IT networks and the internet. There is a lack of proper segregation, adequate VLANs are not created, and often a firewall or two is simply slapped into the mix. The result is rivers of information rushing together that really should run separately, so that one cannot infect the other. Complete isolation is not the solution either: that would be like locking all the doors of a shopping centre, stopping everyone from entering, including customers. Instead, you want to control access, letting customers in and keeping unwanted ‘guests’ out.

Similarly, you want to be able to inspect and control the nature of traffic going into and out of OT environments, as well as between different PLCs, so that the business still benefits from connectivity between them without exposing systems to unwanted risk.

When it comes to identity and access control, you should define exactly who is allowed into the environment, during which timeframes they are permitted access, and what they can work on while they are there. This is most certainly one of the highest-ranking priorities in the PLC security plan.
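As an added example that is not part of the article, the following Python policy check enforces the two ideas discussed above: the non-critical/IT side may view critical systems but not change them, and each person or system is admitted only from a defined zone, within a defined time window, and for defined actions (default deny otherwise). The principal names, zone names and the night maintenance window are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Rule:
    """Who may enter, from which zone, into which PLC zone, doing what, and when."""
    principal: str      # user or system identity (hypothetical names below)
    source_zone: str    # where the request comes from, e.g. "it" or "ot"
    target_zone: str    # PLC zone accessed: "critical" or "noncritical"
    actions: frozenset  # subset of {"read", "write"}; "write" changes the PLC
    window: tuple       # (start, end) local clock times; may wrap past midnight

ALWAYS = (time(0, 0), time(23, 59, 59))

# Constructed sample policy (not from the article): the IT historian may only
# view critical PLCs; a named OT engineer may change critical PLCs only in the
# night maintenance window, and non-critical ones at any time.
POLICY = (
    Rule("historian", "it", "critical", frozenset({"read"}), ALWAYS),
    Rule("eng.thabo", "ot", "critical", frozenset({"read", "write"}), (time(22), time(2))),
    Rule("eng.thabo", "ot", "noncritical", frozenset({"read", "write"}), ALWAYS),
)

def in_window(when: datetime, window) -> bool:
    """True if the clock time of `when` lies in the window, wrap-around included."""
    start, end = window
    t = when.time()
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end  # window crosses midnight, e.g. 22:00-02:00

def decide(principal, source_zone, target_zone, action, when, policy=POLICY):
    """Default deny: (allowed, reason). A request must match a rule on every attribute."""
    reason = f"no rule for {principal} from {source_zone} into {target_zone}"
    for rule in policy:
        if (rule.principal, rule.source_zone, rule.target_zone) != (principal, source_zone, target_zone):
            continue
        if action not in rule.actions:
            reason = f"{principal} may not {action} {target_zone} PLCs"
        elif not in_window(when, rule.window):
            reason = f"{principal} is outside the permitted window for {target_zone}"
        else:
            return True, f"{principal}: {action} on {target_zone} permitted"
    return False, reason

def at(hour, minute=0):
    """Constructed timestamp on a fixed day, handy for trying out the policy."""
    return datetime(2020, 11, 5, hour, minute)
```

The `reason` string is what you would write to the access log so that a denied request is explained rather than silently dropped.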

The first step, however, should be a cybersecurity vulnerability assessment. Modern manufacturers need to understand where all their PLC data resides and how people connect to that data. In a manufacturing environment, there will typically be different PLCs in different parts of the organisation, factory or mine, and these are interlinked. It is essential to know how they are exposed to other computers that have connectivity to the Internet as these create open gateways for industrial cyber threats. This includes all Internet-connected devices, even smartphones that employees might be plugging into their computers to charge during their day at work.

Once companies have a comprehensive understanding of the environment and how the different network areas are connected, it becomes necessary to call on technology to assist with controlling access to the environment’s systems, which includes physical and digital assets, as well as to put processes in place to protect data. Ongoing monitoring solutions are also needed to maintain visibility of the data flowing between, into and out of the various environments.

Not all threats and attacks come from the outside. In addition to effective policies, procedures and technologies, companies need to put their employees through security awareness training. People need to be critically aware of their responsibilities in protecting the organisation against malware and cybercrime. In a typical manufacturing environment, employees are required to go through a proper health and safety induction. Likewise, they should be required to undergo a cybersecurity induction, because when it comes to PLCs, which can behave erratically and dangerously if they are compromised, lives are at stake.
