Attacking the IEC 61131 Logic Engine in Programmable Logic Controllers

Syed Ali Qasim, Adeen Ayub, Jordan Johnson, Irfan Ahmed

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

8 Scopus citations

Abstract

Programmable logic controllers monitor and control physical processes in critical infrastructure assets, including nuclear power plants, gas pipelines and water treatment plants. They are equipped with control logic written in IEC 61131 languages such as ladder diagrams and structured text that define how the physical processes are monitored and controlled. Cyber attacks that seek to sabotage physical processes typically target the control logic of programmable logic controllers. Most of the attacks described in the literature inject malicious control logic into programmable logic controllers. This chapter presents a new type of attack that targets the control logic engine that is responsible for executing the control logic. It demonstrates that a control logic engine can be disabled by exploiting inherent features such as the program mode and starting/stopping the engine. Case studies involving control logic engine attacks on real programmable logic controllers are presented. The case studies present internal details of the logic engine attacks to enable industry and the research community to understand the control logic engine attack vector. Additionally, control engine attacks on power substation, conveyor belt and elevator testbeds are presented to demonstrate their impacts on physical systems.

Original language: English
Title of host publication: Critical Infrastructure Protection XV - 15th IFIP WG 11.10 International Conference, ICCIP 2021, Revised Selected Papers
Editors: Jason Staggs, Sujeet Shenoi
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 73-95
Number of pages: 23
ISBN (Print): 9783030935108
DOIs
State: Published - 2022
Event: 15th IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2021 - Virtual Online
Duration: Mar 15 2021 - Mar 16 2021

Publication series

Name: IFIP Advances in Information and Communication Technology
Volume: 636 IFIPAICT
ISSN (Print): 1868-4238
ISSN (Electronic): 1868-422X

Conference

Conference: 15th IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2021
City: Virtual Online
Period: 03/15/21 - 03/16/21

Funding

This chapter has been authored by UT-Battelle LLC under Contract DE-AC05-00OR22725 with the US Department of Energy (DOE). The research was partially supported by the Virginia Commonwealth Cyber Initiative.

Funders and funder numbers:
- U.S. Department of Energy
- UT-Battelle: DE-AC05-00OR22725

Keywords

• IEC 61131 logic engine
• Programmable logic controllers
• attacks
