Meet us at the ISA Process Control and Safety Symposium & Exhibition
Meet Secure-NOK at the ISA Process Control and Safety Symposium & Exhibition November 7.-9. at Marriot Westchase Hotel in Houston, Texas. Erlend from Secure-NOK will be speaking about cyber attacks on PLCs and how to detect various types of attacks:
Programmable Logical Controllers (PLCs) have traditionally not been considered vulnerable to cyber attacks. This is not necessary the case today, which is evident by the increasing number and sophistication of cyber attacks on PLCs. Examples of such are a number of attacks on internet-facing PLCs, PLC worms, attacks related to payload sabotage and the PLC Rootkit attack. The harm that cyber attacks can cause depends on the physical process that the PLC is controlling. This is particularly true for the PLC Rootkit attack, which was demonstrated during BlackHat Europe 2016. The attack is also referred to as the PLC ghost attack. The attack is executed by a number of attack steps, including: (1) attacker gaining access to the PLC through malicious firmware in the PLC, by guessing passwords or by means of a control-flow attack against the PLC runtime; (2) attacker mapping Input/Output to the debug register to intercept write and read operations; and (3) attacker manipulating the I/O initialization sequence. By gaining control over I/O, the attacker can manipulate physical processes, such as changing the value of a pressure sensitive boiler thus leading to the explosion of the boiler.