Inst ToolsInst ToolsInst Tools
  • Courses
  • Automation
    • PLC
    • Control System
    • Safety System
    • Communication
    • Fire & Gas System
  • Instrumentation
    • Design
    • Pressure
    • Temperature
    • Flow
    • Level
    • Vibration
    • Analyzer
    • Control Valve
    • Switch
    • Calibration
    • Erection & Commissioning
  • Interview
    • Instrumentation
    • Electrical
    • Electronics
    • Practical
  • Q&A
    • Instrumentation
    • Control System
    • Electrical
    • Electronics
    • Analog Electronics
    • Digital Electronics
    • Power Electronics
    • Microprocessor
  • Request
Search
  • Books
  • Software
  • Projects
  • Process
  • Tools
  • Basics
  • Formula
  • Power Plant
  • Root Cause Analysis
  • Electrical Basics
  • Animation
  • Standards
  • 4-20 mA Course
  • Siemens PLC Course
Reading: #20 PLC Best Practices – Identify Critical Alerts
Share
Notification Show More
Font ResizerAa
Inst ToolsInst Tools
Font ResizerAa
  • Courses
  • Design
  • PLC
  • Interview
  • Control System
Search
  • Courses
  • Automation
    • PLC
    • Control System
    • Safety System
    • Communication
    • Fire & Gas System
  • Instrumentation
    • Design
    • Pressure
    • Temperature
    • Flow
    • Level
    • Vibration
    • Analyzer
    • Control Valve
    • Switch
    • Calibration
    • Erection & Commissioning
  • Interview
    • Instrumentation
    • Electrical
    • Electronics
    • Practical
  • Q&A
    • Instrumentation
    • Control System
    • Electrical
    • Electronics
    • Analog Electronics
    • Digital Electronics
    • Power Electronics
    • Microprocessor
  • Request
Follow US
All rights reserved. Reproduction in whole or in part without written permission is prohibited.
Inst Tools > Blog > PLC Tutorials > #20 PLC Best Practices – Identify Critical Alerts

#20 PLC Best Practices – Identify Critical Alerts

Identify PLC critical alerts and program a trap to monitor the trigger conditions and the alert state for any deviation.

Last updated: September 23, 2021 12:03 pm
Editorial Staff
PLC Tutorials
No Comments
Share
3 Min Read
SHARE

Identify critical alerts and program a trap for those alerts. Set the trap to monitor the trigger conditions and the alert state for any deviation.

Contents
Identify PLC Critical AlertsExample 1Example 2Example 3
Security ObjectiveTarget Group
MonitoringIntegration / Maintenance Service Provider

Identify PLC Critical Alerts

In most cases, alert-states are boolean (True, False) and triggered by certain conditions as displayed below.

For example, the trigger bit for the alert ‘overpressure’ becomes TRUE, if Condition 1 ‘pressure switch 1’, Condition 2 ‘pressure sensor value over critical threshold’, through n., are TRUE.

alert-states in PLC

To masquerade an attack, an adversary could suppress the alert trigger bit and cause a false negative.

A trap for false negatives monitors the conditions for the trigger bit and the negated trigger bit itself. With this simple setup, a false negative is detected. See the following picture:

False Negative Logic in PLC

In other cases, an adversary could deliberately cause false positives, to wear down the process operator’s attention.

In the same manner of the false negative trap, false positives can also be detected by monitoring the alert trigger bit and if the trigger conditions are met. If the conditions are NOT met, but the trigger bit is active, a false positive is detected: See the following picture:

False Positive PLC Logic

Example 1

Siemens offers in their Siemens S7-1200/1500 Products a Webserver with a wide range of functions, for example, display of the PLC-State, cycle time, or scope records.

It also has the option to view and modify data tables and variables. The access rights to the Webserver can be modified in the PLC-Hardware Settings.

In case of mis-configured access rights, an adversary could gain access to the PLC Variables and Datablocks. To create a false positive, the adversary selects an alert trigger bit and alters the state.

Example 2

In the Triton/Trisys/HatMan attack, rogue code suppressed alert states.

Example 3

A bus-injection attack could send a false positive alert to a high-level SCADA client.

Why?

Beneficial for…?Why?
    SecurityMitigates false negative or false positives of critical alert messages caused by an adversary obfuscating their attack (i.e., rogue code, bus injection, tampering with accessible PLC state tables on unsecured web servers).
Reliability/
Maintenance/

References

Standard/frameworkMapping
MITRE ATT&CK ICSTactic : TA009 – Inhibit Response Function
Technique:  T0878 – Alarm Suppression
ISA 62443-3-3SR 3.5: Input Validation
ISA 62443-4-2CR 3.5: Input Validation
ISA 62443-4-1SI-1: Security implementation review
MITRE CWECWE-754: Improper Check for Unusual or Exceptional Conditions

Source: PLC Security

Don't Miss Our Updates
Be the first to get exclusive content straight to your email.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
You've successfully subscribed !

Continue Reading

Inside the PLC Control Panel: How Much Do You Know?
Siemens PLC Interview Questions and Answers
Identify the Problem in the PLC Program
Explaining Various Types of Analog Instruments
Basic PLC Exercise on Heater and Cooler for Students
PLC Timer Instructions
Share This Article
Facebook Whatsapp Whatsapp LinkedIn Copy Link
Share
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Stay Connected

128.3kFollowersLike
69.1kFollowersFollow
210kSubscribersSubscribe
38kFollowersFollow

Categories

Explore More

What is a Tag? Types of Tags in SCADA
PLC Program for Controlling Sequence of Conveyors with Interlock
FC Function in Siemens PLC
Communication Processor Module in Siemens PLC
Seven Segment Display Programming with Structured Text
Scaling with Parameters (SCP) Instruction in PLC
How to Choose a PLC for New Project? – Criteria for Selection of PLC
ON Delay Timer using PLC

Keep Learning

Basics of PID Controllers

PID Controllers in Closed Loop Control Systems – PLC Basics

TON Timer in RSlogix

Why is RTO used in the Place of TON Timer?

How to Read an Electrical Wiring Diagram

How to Read an Electrical Wiring Diagram?

SCADA Systems

SCADA Systems

Read Temperature in PLC

PLC Program to Read Temperature in PLC

PLC Documents

PLC System Documentation

PLC Program Example on Multiple LEDs using Set Coil

PLC Program Example on Multiple LEDs using Set Coil

Automatic Lamp Control in Storage Facility

PLC Program for Automatic Lamp Control in Storage Facility

Learn More

Allen Bradley PLC to PLC Communication in Studio 5000

Allen Bradley PLC to PLC Communication in Studio 5000

Digital Electronics Objective Questions

Digital Electronics Objective Questions – Set 9

Key Facts About RS485 Industrial Network

Key Facts About RS485 Industrial Network

Is it Possible to Measure liquid-liquid Level Interface using Float

Is it Possible to Measure Liquid-Liquid Level Interface using Float?

control valve parts

Common Terms Used in Control Valves

Digital Electronics MCQ

Arithmetic Operation Objective Questions

Triple-offset Butterfly Valves

Butterfly Valves – Concentric, Double-offset, and Triple-offset

Why is IEC 60269 Important

Why is IEC 60269 Important? – Electrical Applications

Menu

  • About
  • Privacy Policy
  • Copyright

Quick Links

  • Learn PLC
  • Helping Hand
  • Part Time Job

YouTube Subscribe

Follow US
All rights reserved. Reproduction in whole or in part without written permission is prohibited.
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?