TY - GEN
T1 - My PLC makes an excellent web server
AU - Mahoney, William
PY - 2014
Y1 - 2014
N2 - Supervisory Control And Data Acquisition, SCADA, is the term used for a variety of hardware and software combinations that control things. Not things like personal computers, but things like factories. Often these things are critical infrastructures, such as the power grid, transportation systems, or other wide ranging distributed control environments. Programmable Logic Controllers (PLCs) are at the heart of modern SCADA systems. PLCs read data inputs, act upon these data inputs, and set or reset outputs; they control everything from printing or packaging equipment on a factory floor to hydroelectric generators, train signalling systems, and airport parking structures. Over time, the functionality included in PLCs has increased dramatically; what used to be a simple-minded device is now an advanced computing machine with several different communications interfaces. At the same time, many (most?) PLCs now can be connected via standard Internet communications arrangements, using standard Internet protocols. To prove the point we have turned one of our lab PLCs into a general purpose - although size restricted - web server. What security issues are raised by this capability? Suddenly the information you are seeing presented by the PLC may not be correct, since the web pages might contain anything at all. Simply by replacing the factory-installed web content in the PLC we can spoof the pages in order to display whatever input or output status is desired, regardless of the actual status of the device. Can you trust what you are seeing from your control system? "No" is a bad answer! This paper provides details on a specific file system for a commercial PLC, and describes how we managed to spoof the download software to allow arbitrary files to be written into it. 
We wish to emphasize that our paper is presented as a do-it-yourself approach, as opposed to the usual research paper, in order to demonstrate the potential issues that arise when the firmware in PLCs can be modified.
AB - Supervisory Control And Data Acquisition, SCADA, is the term used for a variety of hardware and software combinations that control things. Not things like personal computers, but things like factories. Often these things are critical infrastructures, such as the power grid, transportation systems, or other wide ranging distributed control environments. Programmable Logic Controllers (PLCs) are at the heart of modern SCADA systems. PLCs read data inputs, act upon these data inputs, and set or reset outputs; they control everything from printing or packaging equipment on a factory floor to hydroelectric generators, train signalling systems, and airport parking structures. Over time, the functionality included in PLCs has increased dramatically; what used to be a simple-minded device is now an advanced computing machine with several different communications interfaces. At the same time, many (most?) PLCs now can be connected via standard Internet communications arrangements, using standard Internet protocols. To prove the point we have turned one of our lab PLCs into a general purpose - although size restricted - web server. What security issues are raised by this capability? Suddenly the information you are seeing presented by the PLC may not be correct, since the web pages might contain anything at all. Simply by replacing the factory-installed web content in the PLC we can spoof the pages in order to display whatever input or output status is desired, regardless of the actual status of the device. Can you trust what you are seeing from your control system? "No" is a bad answer! This paper provides details on a specific file system for a commercial PLC, and describes how we managed to spoof the download software to allow arbitrary files to be written into it. 
We wish to emphasize that our paper is presented as a do-it-yourself approach, as opposed to the usual research paper, in order to demonstrate the potential issues that arise when the firmware in PLCs can be modified.
KW - Critical infrastructure
KW - Programmable logic controllers
KW - SCADA
UR - http://www.scopus.com/inward/record.url?scp=84931087999&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84931087999&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84931087999
T3 - 9th International Conference on Cyber Warfare and Security 2014, ICCWS 2014
SP - 149
EP - 157
BT - 9th International Conference on Cyber Warfare and Security 2014, ICCWS 2014
A2 - Liles, Sam
PB - Academic Conferences Limited
T2 - 9th International Conference on Cyber Warfare and Security 2014, ICCWS 2014
Y2 - 24 March 2014 through 25 March 2014
ER -