Smart Behavioural Filter for Industrial Internet of Things: A Security Extension for PLC

We are currently experiencing the fourth industrial revolution. This is what the German government initiative, first, has identified with ‘Industry 4.0’. The manufacturing future will be marked and will go through the new automation technologies that are being introduced with Industrial Internet of Things (I2oT). Industrial Control Systems (ICSs) are exploiting I2oT for reducing costs and improving efficiency. However, ICSs are already jeopardized by an increasingly large set of threat vectors. Those threats are used by malicious actors to misuse physical Critical Infrastructures that usually are vital services for well-being. I2oT implementation increases the threat surface, generating new possible vulnerabilities. Information Technology (IT) classical approaches to cyber attacks cannot be applied to ICS due to their extreme differences from main priorities to resource constrains. Therefore, innovative approaches and equipment must be developed to suit with ICS world. In this paper, a Smart Behavioural Filter (SBF) for the PLCs (Programmable Logic Controllers) is proposed aiming to secure the PLC itself against logic attacks, that are stealth for other more classical security approaches. An example of the considered logic attacks is many open and close commands towards a valve in a short time. Those logic attacks are usually a sequence of well-formed packets in which the content represents an anomalous and unpredicted behaviour. This smart field equipment can react in short time to cyber attacks isolating the PLC, communicate with other equipment like itself and increasing in general the resilience of the physical system. It can also generate alarms for the local Intrusion Detection System (IDS). The proposed equipment has been developed and validated in a real test-bed within the FP7 CockpitCI project and H2020 ATENA project.