Software Safety and Security for Programmable Logic Controllers

Supervisory Control and Data Acquisition (SCADA) systems are widely used in automated manufacturing and in all areas of our nation´s infrastructure. Current research on SCADA security focuses on the primary SCADA components and targets network centric attacks. Security risks via attacks against the peripheral devices such as the Programmable Logic Controllers (PLCs) have not been sufficiently addressed. Since PLCs dictate the functionality of the processes it is crucial that they function correctly and securely. In this paper we study the problem of providing safety and security for ladder logic code. We argue that general purpose safety and security methods are insufficient for PLCs due to the specific context and the unique processing logic of ladder logic applications. We present a PLC Security Framework (PLC-SF) that is compatible with the current PLC compilers, detects and classifies incorrect and unsafe ladder logic code. After the classification of the vulnerabilities, PLC-SF recommends appropriate design-patterns to eliminate the problems.