Doctor of Philosophy
School of Electrical, Computer and Telecommunications Engineering
Programmable Logic Controllers (PLCs) play an important role in Industrial Control Systems (ICS), production lines, public infrastructure, and critical facilities. A compromised PLC would lead to devastating consequences that risk workplace safety, humans, environment, and associated systems. Because of their important role in ICS, more specifically PLC Based Systems (PLC-BS), PLCs have been targeted by various types of cyber-attacks. Many contributions have been dedicated to protecting ICS and exploring their vulnerabilities and threats, but little attention and progress have been made in enhancing the security of PLC code by utilizing internal PLC ladder logic code solutions. Mainly the contributions to protect and secure PLC-BS are related to external factors such as industrial networks, Supervisory Control And Data Acquisition Systems (SCADA), field devices, and servers. Focusing on those external factors would not be sufficient if adversaries gain access to a PLC since PLCs are insecure by design - do not have built-in self-defense features that could reduce or detect abnormalities or vulnerabilities within their running routines or codes. PLCs are defenseless against code exploitations and malicious code modifications. This research work focuses on exposing the vulnerabilities of PLC ladder logic code and provides countermeasure solutions to detect and prevent related code exploitation and vulnerabilities. Several test-bed experiments, using Rockwell PLCs, were conducted to deploy real-time attack models against PLC ladder logic code and provided countermeasure solutions to detect the associated threats and prevent them. The deployed attacks were successfully detected by the provided countermeasure solutions. These countermeasure techniques are novel, real-time PLC ladder logic code solutions that can be deployed to any PLC to enhance its code defense mechanism and enable it to detect and prevent code attacks and even bad code practices. The main novel contribution, among the provided countermeasure solutions, is the STC (Scan Time Code) technique. STC is a ladder logic code that was developed, deployed, and tested in several test-bed experiments to detect and prevent code abnormalities and threats. STC was able to detect and prevent a variety of real-time attack models against a PLC ladder logic code. STC was designed to capture and analyze the time a PLC spends in executing a specific routine or program per scan cycle to monitor any suspicious code modifications or behaviors. Any suspicious modifications or behaviors of PLC code within a particular routine would be detected by STC which in return would stop and prevent further code execution and warn operators. In addition to detecting code modifications, the STC technique was used to detect any modification of the CPU time slice scheduling. Another countermeasure technique was PLC code that was used to detect and prevent the manipulation or deterioration of particular field devices. Moreover, several countermeasure PLC code techniques were proposed to expose the vulnerabilities of PLC alarms code where adversaries could find ways to launch cyber-attacks that could suppress (disable) or silence the alarms and critical faults of associated ICS devices monitored by PLCs. Suppressed alarms would not be reported to operators or promptly detected, resulting in devastating damage. All provided countermeasure solutions in this work were successfully tested and capable of detecting, preventing, or eliminating real-time attack scenarios. The results were analyzed and proved the validity of the provided countermeasure solutions. This research work, also, provides policies, recommendations, and general countermeasures to enhance the validity and security of PLC code. All the techniques provided in this work are applicable to be implemented and deployed to any PLC at no extra cost, additional resources, or complex integration. The techniques enhance the security of PLCs by building more defensive layers within their respective routines which in return would reduce financial losses, improve workplace safety, and protect human lives and the environment.
Serhane, Abraham, PLC Code Vulnerabilities and Attacks: Detection and Prevention, Doctor of Philosophy thesis, School of Electrical, Computer and Telecommunications Engineering, University of Wollongong, 2022. https://ro.uow.edu.au/theses1/1706
Unless otherwise indicated, the views expressed in this thesis are those of the author and do not necessarily represent the views of the University of Wollongong.