IT threat analysis: security analysis for next-generation PLCs

IT security is becoming increasingly important in more and more areas of our lives. Industrial plants are also increasingly being networked with each other or with cloud services via the internet. This increases productivity and can even open up new areas of business. At the same time, however, networking also offers attackers potentially more opportunities to penetrate control networks.

Phoenix Contact is a global manufacturer of industrial control systems. In the context of Industry 4.0, connecting controllers to the Internet is essential. However, access via the Internet requires special protection, e.g. to ward off hacker attacks. To this end, the IT security standard IEC 62443 describes requirements specifically tailored to automation technology, both for products and their development processes, which must be fulfilled.

In order to demonstrate security in compliance with the standard, Fraunhofer IEM conducted a comprehensive threat analysis for the next generation of programmable logic controllers (PLCs). To this end, Fraunhofer IEM adapted and applied the Microsoft STRIDE approach method and tool for the domain of automation technology. The threats identified in this way are tested for validity and effective mitigation through appropriate protective measures. At the same time, the applied method is being further refined and integrated into the standard development process at Phoenix Contact. In the long term, this is to be optimized in accordance with IEC 62443. The extensive security measures for the controllers help to safeguard the operation of machines and systems and thus avoid expensive downtimes.