Calls: Send in your ideas. Deadline February 1st, 2021.

Securing PLCs via embedded Open-Source protocol adapters

[Securing PLCs via embedded Open-Source protocol adapters]

Industrial Programmable Logic Controllers have been controlling the heart of any production machinery since the mid-70s. However have these devices never been built for the usage in completely unprotected environments such as the Internet. Currently most PLCs out in the wild have absolutely no means to protect them from malicious manipulation (Most don't even have an effective password protection). Unfortunately "Industry 4.0" is all about connecting these devices to the Cloud and hereby attaching them to potentially unsecure networks. In the "Securing PLCs via embedded Open-Source protocol adapters" initiative we are planning on porting the Apache PLC4X drivers to languages that can also be used in embedded hardware. Additionally we also want to create secure protocol-adapters using these new drivers together with Apache MyNewt, to create protocol-adapters that could eventually even be located inside the network connectors which are plugged into the PLC in an attempt to reduce the length of the unsecured network to an absolute minimum without actually modifying the PLC itself.

Why does this actually matter to end users?

The internet is unfortunately not only populated just by kind and careful people. And it wasn't designed to be secure either. This is a dangerous and rather unfortunate combination of circumstances, and one you should take into account when you use the internet. To make matters worse, not only can the internet be a fundamentally insecure channel when used incorrectly, a lot of devices we have been hooking up to this network are unsafe as well. This is the case for both old and new devices, that are sometimes misconfigured or lack any protective barrier at all.

Connecting unprotected devices to the internet is especially problematic when these machines have an important job to do, like automate an assembly line in a factory. That is what so-called programmable logic controllers (PLCs) do: digital computers that can reliably and constantly command other machines what to do in a high-pressure, harsh environment. Unfortunately, these PLCs are not as well protected from an online attacker as they are from heat or dust: some of them do not even have a secure password. Nevertheless these unsafe devices are connected to the internet more and more in the hopes of making factories 'smarter', but also increasingly vulnerable. This project will help protect PLCs against outside attackers, ultimately making the offline and online world blend together in a more trustworthy space.

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.

Navigate projects

Please check out NLnet's theme funds, such as NGI Assure, NGI0 Discovery (which is focussed on search, discovery and discoverability) and the Internet Hardening Fund.

Want to help but no money to spend? Help us by protecting open source and its users.

.