Instruction Authenticator Framework for Distributed Control Systems based on IEC 61131-3

Abstract

Computer-based equipment used in industrial automation needs to be protected against unauthorized access and control. The widely accepted approach to computer security is based on security in depth, meaning that the computer system is viewed as a layered structure and security is introduced at each of the layers. In this paper, we propose a method of adding security at what is commonly viewed as the lowest level of control - the Programmable Logic Controller (PLC). The approach is based on encrypting the process variable identifiers so an attacking virus is not able to interpret the variables being addressed by the control logic, and therefore inhibiting targeted attacks by a virus wishing to subtly change the controlled system operation without actually destroying the controlled plant. The approach is focused towards Distributed Control Systems (DCS) whose operation is based on maintaining all variable/signal values in an RTDB (Real-Time Database).