Can PLC's get Viruses?

[LeeB]

HI Guys Can anyone please help? I've been asked at work to produce a virus protection plan for a various range of different PLCs. I dont think they are susceptible to viruses but need some research or documentation to back my theroy up. any chance someone could send me some or give me a url where i might find some info. Thank you in advance really appreciated Lee

[TimWilborne]

Well if you are a believer in the Conspiracy Theory, then yes, a PLC is susceptible to viruses and other security threats. But so is Linux, Firefox, and many other products not made by Bill Gates. The big question I would reply with is why would someone? Most hackers and virus creators are not targeted at a particular organization. They are to just cause mass trouble. Look at the number of users of Microsoft products, Linux products, and PLC products. That is one of the advantages of Linux over Microsoft. Linux is only a thorn in Microsoft's side and hackers aren't interested. In comparison of us to Microsoft we are only a flee on a dog. As for protection. Make sure you network entrance points are secure. You are more likely to have a disgruntled employee cause you trouble than a virus

[Ken Moore]

Have to agree with TW, I don't think the average virus composer is after the controls world. I believe former employee's and contractors are the biggest threat. They know your process, they know your weak areas. If I were to turn to the dark side, I could reek major havoc, by making minor little tweaks in the plc programs running the processes. No explosions, no one injured, but lots of bad product. So....you want to make sure that only authorized personnel have access to your controls network.

[BobLfoot]

Have to agree with the consensus already expressed. And add this thought. Most PC's pick up viruses because they run multiple programs and cruise the internet looking for data. PLC's on the otherhand run their proprietary code and don't change that prgoram unless the operator asks for it. Physical security is a bigger worry than viruses in my opinion.

[Peter Nachtwey]

One can download bad firmware when they do control flash. That would take a lot of effort but hard to diagnose. Now I think of it I can see how this could drive one nuts trying to discover what it happening. The conclusion would be that there is something wrong with the PLC. One can figure out how to download programs and download a virus that takes part of the scan. That would be tricky too and also hard to discover. The easy thing to do is to download bad ladder code but this would be easy to discover too. Last year at this time I was at a saw mill where I had access to all the PLCs and motion controllers in the mill via WIFI. There was no password protection. Someone may be able to park outside the building and monitor or modify a parameter that could cause a lot of damage. That is a much more likely threat. The key is to limit access.

[TimWilborne]

I always like to use the Australian sewage release incident in this article as an example. In all of the cases it was someone directly going after the company http://www.crime-research.org/news/19.10.2004/727/

[Chris Elston]

Every single one of our machines has a virus in it. After 45 days of shipping a new machine to a customer, the machine stops, and an error message appears on the panel view. "Please deposit final payment into our bank account to reset this error". After we get our final payment for the machine, we disable the virus. Serioully though......I don't think you have anything to worry about. Just keep your ethernet PLCs protected from open gateways that have access through the internet and you should be just fine...and also keep those phone line and modems disconnected unless you need your machine builder to dial in and help you.

[Camel]

I have to agree with this one. But why? Is it because it doesn't pose much of a challenge? I think it does. Is it because most people are ignorant about how their goods are manufactured? I just don't understand this one. Also, they may not be after the controls world but, something they do may effect the controls world. Like the afforementioned Blaster Worm. I know that wasn't meant for us but, it did effect us. I was just about to think up a bunch of scenarios which would probably bore you guys to tears. But think of it this way. Would you rather be proactive or retroactive? You have spent millions of dollars and tons of engineering to design and build a control system and a piece of equipment. You have tried to eleminate or mitigate every variable outside your control. Why would you not want to eliminate this one? Is it because, like the hackers, you are ignorant to what they are capable of? Or is it because you don't care? Or have you implimented proper controls to protect your systems (PLC and PC)? Which one would sound better to you boss as you try to explain yourself after a major failure? Almost forgot... Here are some "security laws" from microsoft. Try using PLC in the place of computer. ( I find it kinda ironic that these came from microsoft ) Edited January 24, 2007 by Camel

[LeeB]

Thanks guys that really helped. Thanks for taking the time to help Edited January 26, 2007 by LeeB