With the development of modern industry, the importance of automation technology is increasing. Automation plays a crucial role in enhancing productivity, reducing errors, and improving safety. Therefore, security in the OT (Operational Technology) environment, which is central to automation, is very important to ensure the stability and safety of manufacturing processes.
Among the components of OT, PLC (Programmable Logic Controller) is used in various industries and has established itself as a key element in process control and machine control systems. Let's take a closer look at security solutions through PLC hacking cases.
The Importance of PLC Security and Recent Hacking Cases
PLC (Programmable Logic Controller) is a key facility in industrial automation systems, playing an essential role in various manufacturing and process automation in factories, power plants, etc.
However, as PLC systems become more complex and connected to the internet, cybersecurity threats are increasing. If a PLC is hacked, production processes can be halted, and product quality can deteriorate. In severe cases, it can even cause casualties, making it very dangerous.
@ Image by tasukaran from Pixabay
Cyberattacks targeting PLC systems are increasing worldwide. In 2023, the Iranian hacking group CyberAv3ngers hacked water facilities in Florida and Pennsylvania in the United States, revealing the serious vulnerabilities in PLC security.
The hackers targeted the Unitronics Vision series PLC used in water and wastewater systems (WWS). This hacking caused the water facilities' systems to become paralyzed, disrupting the water supply.
Especially, the disruption of water facility operations is directly related to public safety. The interruption of water supply caused inconvenience and danger to the community. Additionally, it caused economic losses by disrupting the operations of businesses such as pharmacies, swimming pools, and breweries.
Furthermore, they attacked power plants, causing power supply disruptions. They also exploded the Le Hai chemical plant in Vietnam, causing numerous casualties.
Can you believe these incidents occurred due to a lack of basic security settings and vulnerabilities in old hardware? Many PLC systems are used without changing the default password after installation, allowing hackers easy access to the systems. Not changing the default password is a simple action that creates a significant security hole.
The PLCs used in the attacks were relatively old models that had not been updated with the latest security updates and patches. Some facilities did not adequately protect the connection between the PLC and the external network, allowing hackers to remotely access the system.
@ Image by Pete Linforth from Pixabay
The above cases clearly show the importance of PLC system security. To strengthen PLC security, the first step is to immediately change default passwords like '1111'. Use complex and hard-to-guess passwords, and change them regularly.
Regularly check for vulnerabilities in PLC systems and quickly apply the latest security patches provided by the manufacturer. Additionally, strengthen the connection between the PLC and external networks, and disconnect from external networks when not necessary. Network security should also be enhanced using firewalls, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS).
@ Image by Peggy und Marco Lachmann-Anke from Pixabay
Another method is to implement Multi-Factor Authentication (MFA) to strengthen user authentication procedures. Even if a user account is stolen, unauthorized access can be prevented through additional authentication steps. For example, technologies like SSenStone's OTAC (One-Time Authentication Code) generate one-time authentication codes, which provide a high level of account security without passwords.
Regular security training for employees is essential to raise security awareness. Hiring external security experts to evaluate the system from a third-party perspective and provide improvement suggestions is also effective.
Lastly, physical security measures for the facility where the PLC system is located must be considered. Unauthorized access should be prevented with access control systems, and surveillance cameras and alarm systems should be installed. Important equipment should be secured with locks, and only personnel with access rights should be allowed entry to strengthen security.
PLC security requires more careful attention and thorough preparation than ever in today's industrial automation environment. Neglecting this can lead to significant economic losses and even casualties.
Companies should establish comprehensive security enhancement strategies, such as regular security inspections, network segmentation, and multi-factor authentication, to prepare for PLC security. Solutions like SSenStone's OTAC can be a useful tool in your security enhancement strategy to build a stable OT environment.