ControlLogix
From SCADApedia
The Logix family is the most full featured programmable controllers in the Allen Bradley line of Rockwell Automation. The ControlLogix Programmable Automation Controller (PAC) is the flagship product of the Logix family.
ControlLogix Overview
The ControlLogix PAC consists of a chassis with controller, power supply and I/O modules that can be used as both a controller and a gateway. The number and type of modules is determined based on the size and type of system being controlled, network topologies and protocols, and redundancy requirements. ControlLogix configurations can vary greatly with the large number of modules and ability to mix and match to meet requirements. The 1756-ENBT and 1756-EWEB (which includes a web server) modules provide an Ethernet connection to the ControlLogix and warrant special attention from an information security perspective.
Management can occur locally or over a network using one of the Rockwell Software applications such as RSLogix.
A wide range of control system protocols are supported on the ControlLogix platform. For communication from a SCADA server, HMI or other controllers the ControlLogix supports Ethernet/IP, ControlNet and Data Highway as well as other standard protocols from third party modules such as Modbus TCP. Protocol support for I/O communication includes the Ethernet/IP, ControlNet and DeviceNet plus HART, FOUNDATION Fieldbus and other standard protocols. Since this is a popular controller platform, there is a good chance that most control system protocols are supported directly by Rockwell Automation or by a third party product that can be integrated in the ControlLogix platform.
Security
As more capabilities are pushed out to the PAC like the ControlLogix, they become a more crucial component in a control system and a bigger target. One of the simplest means to secure a ControlLogix is to physically place the controller modules into Run mode and remove the physical key. Unfortunately this prevents remote management and viewing of the configuration. This may be acceptable in small DCS but would be place a burden and delay response in a geographically dispersed SCADA system.
The ControlLogix does offer some basic security features as described below. These features are available in most of the Logix5000 family of Allen Bradley controllers.
CPU Lock
All logical access to a ControlLogix can be controlled via a single password using the CPU Lock feature. Once a password, that can be up to 40-characters, is configured in a ControlLogix, the PAC can then be locked or unlocked using a separate CPU Lock software utility.
The PAC Administrator would configure the PAC, set a CPU Lock password in the PAC using the software utility, and then logically lock the PAC. No users would be able to view or change the configuration until the CPU Lock software utility is used to lock the PAC.
The CPU Lock feature is not integrated into most of the Rockwell Software products, such as RSLinx, RSLogix (V15) or RSMACC. (Note: CPU Lock may be integrated in RSLogix V16) So managing a ControlLogix with this feature is a three step process.
- Use the CPU Lock software utility to unlock the PAC
- Use a Rockwell Software product to view or modify the PAC configuration
- Use the CPU Lock software utility to lock the PAC
There is no workaround for this feature except for a hard reset of the entire unit. So a lost CPU Lock password will prevent any changes or viewing of the PAC configuration.
The password is stored in non volatile memory, if available, so it will not be lost in case of a power outage.
Source Protection Tool
The source code in individual routines and add on instructions in the ControlLogix may be protected from viewing, editing and exporting using the Source Protection Tool. A password up to 40-characters in length can be assigned to each routine. A protected routine can be set to normal protection which prevents viewing, editing and exporting or to view only protection.
Unlike CPU Lock, Source Protection has been integrated into RSLogix since Version 11. The passwords can be stored locally on each RSLogix PC or in a central location. The central location must be accessible by all RSLogix PC's, but this makes password management much easier. The passwords are stored in cleartext, so a sophisticated attacker may be able to determine the file location and capture all passwords.
Role based access control can be implemented by allowing a single Source Protection password to provide access rights to multiple routines. This prevents a user from having to manage and enter multiple PAC passwords for this feature.
The Source Protection Tool does not prevent an attacker or employee from entering new routines into the PAC.
Priority
Each task can be assigned a priority level from 1 (highest priority) to 15 (lowest priority). Resources on the PLC are made available based on priority. If the capacity of the resources may be an issue, assign priorities to the tasks. For example, control tasks could be assigned priority over condition based maintenance tasks.
Limiting CIP Connections
The 1756 interface module on a ControlLogix can be configured to limit Common Industrial Protocol (CIP) connections over the Ethernet/IP network to a number between 1 and 128. This setting could prevent or help an attacker perform a denial of service attack.
