Protections against cyber attacks in PLC programmable controllers

A professional guide to securing industrial control systems

Programmable logic controllers (PLCs) are the heart of industrial control systems: pumps, water systems, production lines, conveyors, ovens, dosing systems, osmosis facilities, HVAC systems, elevators, robots, and more. In the past, a PLC was a “lonely island” inside the electrical panel. Today, it is connected to the network, the HMI, SCADA, the cloud, a VPN, a maintenance computer, and sometimes it can even be viewed remotely from a phone. Convenient? Very convenient. Dangerous? If not properly secured — absolutely. Cybersecurity in programmable controllers is not optional. An attack on a PLC does not only damage files or information; it may stop production, change chemical dosages, start a pump at the wrong time, bypass pressure protections, disrupt a process, cause damage to equipment, and sometimes also endanger people. Therefore, in the world of OT (Operational Technology), security must consider not only the confidentiality of information, but mainly availability, safety, reliability, and operational continuity. NIST emphasizes that OT security should protect systems that monitor or modify the physical world, while maintaining the performance, reliability, and safety requirements unique to an industrial environment.


Why has the PLC become a target for cyber attacks?

The reason is simple: where there is control over a process — there is value for the attacker. An attacker does not have to “break into a factory like in a movie.” Sometimes an insecure remote connection, a default password, an infected engineering computer, a port open to the Internet, or a technician connecting with an unclean laptop is enough. A programmable controller may be exposed for several main reasons:

  1. Connecting to the Internet or office network without proper separation
    A direct or indirect connection between an IT network and an OT network creates a bridge for attackers.
  2. Insecure remote access
    Remote control software, weak VPN, opening ports on the router, or using simple passwords.
  3. Old equipment without security updates
    Many factories have controllers that have been in operation for many years. They are operationally reliable, but they were not always designed for today's cyber world.
  4. Weak or default passwords
    “1234” is not a password. It’s a “welcome” sign for the attacker.
  5. Lack of network documentation
    If you don't know which controller, HMI, transducer, computer, router, or communication module is connected, you can't truly protect them.
  6. Lack of separation between system areas
    A packaging system, a filling system, a pump room, and a SCADA server don't necessarily have to talk to each other freely.

The difference between IT security and OT security

In conventional IT security, the emphasis is often on information: documents, users, permissions, servers, emails and databases. In OT security, the emphasis is different: the system operates physical equipment. A small mistake can cause downtime, damage or a safety risk. In the IT world, it is usually possible to update and restart a server. In the industrial world, it is not always possible to “restart” an active production line, water system, filling machine or process