Abstract

This research paper discusses security issues with current deployments of Programmable Logic Controllers (PLCs) and Supervisory Control and Data Acquisition Systems (SCADA) in the industry and proposes a solution that enables PLC devices to query a blockchain infrastructure for commands and setpoints. The blockchain assumes a dual role in this context: serving as an immutable audit trail database as well as a trusted source for critical commands and setpoints. In contrast to the conventional paradigm, this novel approach does not require write access at the PLC level, thus minimizes its attack surface and helping to protect against known and zero-day vulnerabilities often used in cyberwarfare, such as in the case of the notorious Stuxnet worm. Applications that enforce the logging of user operations for Good Manufacturing Practices (GMP) or compliance purposes use the blockchain network as an audit trail database for user actions. Any attempt to maliciously circumvent the logging operation would not affect the operation of a critical process. Additionally, a prototype implementation developed as part of this research finds that modern PLC devices are more than capable of interacting with private Ethereum blockchain nodes. The required libraries and user code consume a small percentage of available resources, while the duration of a complete request-response cycle measured around 22msec. The authors anticipate that PLCBlox can be used as a drop-in replacement for applications requiring higher security standards and logging enforcement, such as nuclear power plants or other critical infrastructure.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.