After some initial work from Airbus CyberSecurity on the security of industrial PLCs, Airbus and Schneider Electric have worked together to validate the research outcomes of Airbus expert Flavian Dola. The findings demonstrate the possibility of executing a certain type of cyber-attack on industrial controllers in specific conditions, such as an attacker that already compromised the engineering station, or had logical or physical access to a PLC controller without any authentication feature.
This research work has been performed as Airbus CyberSecurity is aiming at developing its expertise and capabilities to address the protection of OT (operational technology), meaning industrial assets in general. Working with a leading industrial manufacturer such as Schneider Electric has allowed both companies to improve their understanding of potential weaknesses in industrial systems.
As a general guideline for their customers, suppliers and partners, Airbus and Schneider are encouraging industrial companies to ensure that they have implemented cybersecurity best practices and defense in depth across their operations and supply chains to reduce cyber risks.
On the PLC side this means:
- to prevent unauthorised physical access
- to protect the logical access by activating the password-protection and access control mechanisms
- to deactivate the remote configuration and programming mode on production systems
- to make sure that PLCs are not directly connected to the Internet or to put them behind a firewall and apply ACL to limit external access (ingoing and outgoing traffic)
On the side of the engineering station this means:
- to keep it up to date, applying security patches in a systematic way, activating antivirus software
- to disconnect it from the production network
- to apply whitelisting solutions
Please find the Security Notification by Schneider Electric here.