The Ongoing Struggle to Protect PLCs

A decade after Stuxnet, vulnerabilities in OT systems and programmable logic controllers remain exposed.
March 8, 2024
Ten years have passed since the infamous Stuxnet attack highlighted the vulnerabilities of the operational technology (OT) systems that play a crucial role in our critical infrastructure. Yet despite advancements, these systems remain exposed, raising concerns about our preparedness for future cyber threats. A recent Dark Reading article by Dan Raywood highlighted how programmable logic controllers (PLCs), specifically Siemens-branded controllers, are still vulnerable.
A core challenge with OT vulnerability lies in human behavior. Threat actors exploit the human tendency to let laziness or convenience win over security. This leads to weak passwords, neglected updates, and lax adherence to protocols. Exploiting these tendencies, hackers turn easily guessable passwords into master keys and leverage unpatched vulnerabilities to gain access.
The convergence of IT and OT creates a double-edged sword. While it fosters efficiency and innovation, it also expands the attack surface. Creating a network to manage security for manufacturing equipment exposes the critical devices that manage machinery (such as PLCs) to attacks. Hence, the interconnectedness of IT and OT has the potential to become a security nightmare.
Dark Reading's article recommends using technology that enforces security measures, such as transport layer security (TLS). Although this offers valuable protections, it is far from foolproof. Determined threat actors can still exploit unpatched vulnerabilities or leverage alternative attack vectors, such as IT and OT convergence. If the attackers are motivated enough, they might switch to other methods against which TLS proves useless. In the case of the Siemens PLC vulnerabilities, an attacker may send API instructions directly to the PLC, giving it directions that can harm critical processes.
The article does refer to comments by Colin Finck, tech lead of reverse engineering and connectivity at Enlyze, on the most recent Siemens firmware that supports TLS, which he states isn't good enough. To this extent, the article is correct. But it doesn't explicitly say that cybersecurity needs a layered approach, with encryption being just one piece of the puzzle.
This is where device-level protection becomes crucial. Protecting and securing devices, such as PLCs, provides a solution to both growing attack surfaces and the human element. Security involves a simple approach: Don't trust anybody. Therefore, applying and enforcing zero trust helps protect critical infrastructure.
Promoting these strong security policies and establishing clear guidelines for a secure OT environment involves meticulous verification of every access attempt to PLCs. In addition, specific users must be granted only the minimum necessary permissions. Security teams and OT managers alike must champion access controls, ensuring only authorized users can interact with PLCs controlling critical systems on the factory floor. Enforcement of these security policies prevents determined attackers from sending API instructions directly to the PLC. 
The vulnerabilities in Siemens PLCs serve as a stark reminder of the ongoing struggle to secure our critical infrastructure. Siemens is just one of many PLC vendors, each of which has its own vulnerabilities. Because of this, cybersecurity must be part of the responsibilities of the floor managers as well as of IT teams. They must understand that a layered approach is necessary, with the first layer being protection of PLCs. Enforcing and managing access and credentials to the PLCs transform vulnerable infrastructure into resilient infrastructure.
Nitzan Daube
Chief R&D Officer, NanoLock Security.

Nitzan Daube is Chief R&D Officer at NanoLock Security. He brings extensive experience in software, high-tech business and bridging the gaps among marketing, project management and engineering. Previously, Nitzan was the GM at Destinator.