OpenPLC based control system testbed for PLC whitelisting system
- PDF / 1,280,610 Bytes
- 6 Pages / 595.276 x 790.866 pts Page_size
- 26 Downloads / 293 Views
ORIGINAL ARTICLE
OpenPLC based control system testbed for PLC whitelisting system Shintaro Fujita1 · Kosuke Hata1 · Akinori Mochizuki1 · Kenji Sawada1 · Seiichi Shin1 · Shu Hosokawa2 Received: 1 July 2020 / Accepted: 12 August 2020 © International Society of Artificial Life and Robotics (ISAROB) 2020
Abstract This paper proposes a security testbed system for industrial control systems. In control systems, controllers are final fortresses to continue the operation of field systems. Then, we need countermeasures of controllers. The whitelisting function is efficient in controller security. The whitelisting function registers normal operations in a list and detects unregistered operations as abnormal. We need a testbed system to check whether the whitelist function does not affect other functions of the controller. The industrial controller and its engineering tool are relatively expensive, and are customized with respect to controller vendors. To enhance the whitelist development, this study proposes a testbed system using OpenPLC which is an open-source software. This system is independent of controller vendors and is applicable for controller programming languages. We implement a whitelist based anomaly detection method for the testbed system and validate that the anomaly detection method operates correctly. Keywords PLC · Security · Testbed · Whitelist
1 Introduction Control systems face a lot of cyber-attacks [1], such as Stuxnet, WannaCry, CrashOverride, Bad Rabbit. The typical control system consists of SCADA (Supervisory Control And Data Acquisition), network switches, controllers, and field devices. Initially, it is supposed that malicious attackers target SCADA and penetrate its vulnerabilities because Windows OS is introduced to SCADA, and its version often remains old. However, recent malware directly targets controllers. Controllers are the final fortresses of control systems. Even if SCADAs stop suddenly, controllers themselves continue the operation of the field device. If controllers stop, control systems cannot be operated by SCADAs. Therefore, we need countermeasures focusing on controllers [2].
This work was presented in part at the 23th International Symposium on Artificial Life and Robotics (Beppu, Oita, January 21–23, 2018). * Kenji Sawada [email protected] 1
The University of Electro-Communications, 1‑5‑1, chofugaoka, Chofu‑shi, Tokyo, Japan
Control System Security Center, 3‑4‑1, sakuragi, Tagajo‑shi, Miyagi, Japan
2
The main functions of the controller are operating field devices and communicating with other devices. System resources for the security function are not high, and then we cannot apply common antivirus software to controllers directly. Standard antivirus software is based on the blacklisting system in which anomaly behaviors caused by malware/worms are listed, and actions of application commands are always checked. This system load of blacklist checking is very high for controllers. Further, the backlisting system requires frequent updates of pattern files to maint
Data Loading...
