Armor PLC: A Platform for Cyber Security Threats Assessments for PLCs

Abstract

Programmable Logic Controllers (PLCs) are essential parts in industrial manufacturing plants. With the emerging Industry 4.0 environment, legacy PLCs are now connected to the Internet to be better automated. However, these PLCs are especially vulnerable when connected to a network, since there is limited inherent security mechanisms built in. In this paper, we discuss various vulnerabilities in these PLCs. We describe threat models, detection and protection techniques. We consider vulnerabilities as compromised PLC logic, which is introduced by over-the-network malicious data injection. We leverage Host-Based Intrusion Detection System (HIDS) techniques, such as output value comparison using majority voting, timing comparison and using known I/O values for detecting such attacks for our Network-Based Intrusion Detection System for PLCs. We mimic functionalities of PLCs, through virtualization of PLCs’ ladder logic on OpenPLC [7]. We use a record & replay technique for attack mitigation and system restoration. The record & replay system captures pin values of a Pulse Width Modulated (PWM) signal with sensitivity of 50 microseconds. We implement the attacks and our proposed security solution on the control flow logic of a sample industrial gas pipeline PLC network. We achieve a false positive rate of 1% along with a latency of 25 milliseconds in our abnormal detection with setting of 4 virtual PLCs (using OpenPLC [7]), and generated receiver operating characteristic results on different attack rates and ST file logic settings.