What are the pitfalls of PLCs in IIoT-driven environments?

Programmable logic controllers are a staple of IIoT-driven environments today, but they present a number of security concerns that must be addressed

Industrial Internet of Things (IIoT) is synonymous with evolution. Today, IIoT paves the way for new business models, enabling organisations to create new products while bettering current ones. Furthermore, IIoT also gifts organisations increased efficiency and productivity in its wake. Thus, businesses in this arena can undergo the transformation necessary to remain competitive.

However, IIoT doesn’t treat only businesses to a makeover. IIoT can also give technologies a zhuzh up. Programmable logic controllers (PLCs) are testament to this, having undergone a revamp to withstand the demands of industrial environments.

While IIoT appears to drive everything and everyone in an upward trajectory, the elephant in the room is always looming. That elephant, of course, is security. IoT in any setting is known to burn holes in enterprise security, so the impact of IIoT on PLCs is surely no exception. This begs the question: has the revamp occurred faster than security can keep up with? What should organisations do to stay secure?

The fundamental functions of PLCs

Organisations use PLCs as a replacement for traditional relay panels to control machinery. Relay panels caused businesses a lot of bother through the numerous pitfalls they came with, which is what made PLCs necessary. For a start, working with relay panels took a lot of time, and PLCs cut that down. As well as this, relay panels made changing logic or operations a really complicated endeavour. Making matters worse, relay panels are a bit of an eyesore, and their grand clunkiness used a lot of electricity.

PLCs quickly gained recognition as the answer to these problems. They are built from two main components, CPU modules and input/output devices, which makes them simpler at face value and much nicer to look at. What's more, PLCs can be set up in a dispersed manner, so you don’t need to look at them at all. In a cabinet? Sure. On another floor? That’s fine. In another building? Why not! Best of all, however, they are easier to maintain and enable IIoT capabilities that relay panels could not.

Thus, PLCs are pretty much non-negotiable for businesses today. However, the fact that they’re an IIoT staple adds more weight to the severity of the security problem.

What are the security pitfalls of IIoT-driven PLCs?

For attackers, PLCs are an attractive business asset on which to wreak havoc. If an attacker can gain control of the machinery via the PLC, they can cause irrevocable damage to your business. This can range from data theft, to redirecting and manipulating the information being sent, to equipment interference.

To make matters worse, the PLC design is simply not secure by default. Throw network connection and IIoT into the mix, and your attack surface multiplies more than you want to know.

To best mitigate the threat that network connections present, organisations must go straight to the source. In particular, if the PLC is connected to a company web server and the internet, the company must ensure that the connection is as secure as possible. Not only that, but a hardware root of trust is integral to successful security measures.

As mentioned earlier, attackers may wish to manipulate transactions of information to cause disruption and downtime. Given this, organisations must endeavour to use encryption keys to protect against interception of the data. In some instances, you may be able to create private networks guarded by PLC network keys for the equipment only. It’s not an overly fiddly business, as all components on the same local area network can share a network encryption key to securely exchange data.
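To make the shared network key idea concrete, here is an added example (not code from the article or from any PLC vendor) in which devices holding the same key reject modified, replayed and wrong-key messages. It covers only the tamper-detection side, using HMAC-SHA256 from the Python standard library rather than encryption, and the frame layout, sender id, counter and `SETPOINT` payload are all hypothetical.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                    # HMAC-SHA256 tag size in bytes
HEADER = struct.Struct(">HQ")   # hypothetical layout: sender id + message counter


def seal(network_key, sender_id, counter, payload):
    """Build a frame: header || payload || HMAC tag over header and payload."""
    body = HEADER.pack(sender_id, counter) + payload
    return body + hmac.new(network_key, body, hashlib.sha256).digest()


class Receiver:
    """Accepts frames sealed with the shared key; rejects tampering and replays."""

    def __init__(self, network_key):
        self._key = network_key
        self._last = {}  # sender id -> highest counter accepted so far

    def accept(self, frame):
        """Return (sender_id, payload) or raise ValueError."""
        if len(frame) < HEADER.size + TAG_LEN:
            raise ValueError("frame too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("bad tag")
        sender_id, counter = HEADER.unpack(body[:HEADER.size])
        if counter <= self._last.get(sender_id, -1):
            raise ValueError("replay")
        self._last[sender_id] = counter
        return sender_id, body[HEADER.size:]


def demo():
    """Run one genuine frame, then a modified, a replayed and a wrong-key frame."""
    key = bytes(range(32))  # constructed sample key; real keys come from a CSPRNG
    rx = Receiver(key)
    frame = seal(key, 7, 1, b"SETPOINT=42.5")  # constructed sample message
    results = [rx.accept(frame)]
    tampered = frame[:HEADER.size] + b"SETPOINT=99.9" + frame[-TAG_LEN:]
    for bad in (tampered, frame, seal(b"\x00" * 32, 7, 2, b"SETPOINT=1.0")):
        try:
            results.append(rx.accept(bad))
        except ValueError as exc:
            results.append(str(exc))
    return results
```

Because every component holds the same key, the tag shows only that a frame came from some holder of the network key, not from a particular device.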

Sadly, with PLCs, you win some and you lose some. However, despite the security hassle they come with, they’re a hell of a lot better than their traditional counterparts.
