Instrument the process in a way that allows for plausibility checks by cross-checking different measurements.
| Security Objective | Target Group |
| The integrity of I/O values | Product Supplier Integration / Maintenance Service Provider |
Instrument for Plausibility Checks
There are different ways of using physical plausibility for validating measurements:
a) Compare integrated and time-independent measurements
Plausibility checks can be done by integrating or differentiating time-dependent values over a period of time and comparing to time-independent measurements.
b) Compare different measurement sources
Also, measuring the same phenomenon in different ways can be a good plausibility check.
Different measurement sources do not necessarily have to be different physical sensors, but can also mean using alternative communication channels (see examples).
Example
a) Compare integrated and time-independent measurements
Metered pump and tank level gauge: volumetric change should equal integrated flow.
The burner in a boiler: added caloric heat should equal temperature rise.
b) Compare different measurement sources
Using air-speed, artificial horizon, vertical speed, and altitude in the airplane to measure the phenomenon of the climbing / descending airplane.
Comparing process parameter values from independent data loggers (tied into 4-20mA loops or relay contacts and transmitted via independent communication channels) to SCADA system data (coming in the “normal” way through PLC and HMI) and alerting on deviations and significantly off-specified values.
Why?
| Beneficial for…? | Why? |
| Security | Facilitates monitoring for manipulated values (assuming not all sensors are manipulated at once). |
| Reliability | Prevents acceptance or identifies (for future action) corrupted / wrong measurements as inputs. |
| Maintenance | Rules out the possible physical causes for failures more quickly. |
References
| Standard/framework | Mapping |
| MITRE ATT&CK for ICS | Tactic: TA010 – Impair Process Control Technique: T0806 – Brute Force I/O |
| ISA 62443-3-3 | SR 3.5: Input Validation SR 3.6: Deterministic Output |
| ISA 62443-4-2 | CR 3.5: Input Validation CR 3.6: Deterministic Output |
| MITRE CWE | CWE-754: Improper Check for Unusual or Exceptional Conditions |
Source: PLC Security
