Security system detects malware, tampering on PLCs

MB Connect Line (Ilsfeld, Germany) presents the mbSECBOX as a new security solution for PLC controllers. This IP security device detects malware similar to STUXNET and other possible threats on the S7 Controllers. After a threat is found the mbSECBOX will immediately alert the operator before any damage occurs. Unfortunately, most S7 PLCs offer no safeguards against the intrusion of viruses and malware.

Traditional types of virus scanners with pattern recognition do not protect controller appliances from potential threats. The mbSECBOX therefore operates on the principle of a positive list. The first step is to create a so-called "reference backup".

The complete program memory (OB, FC, FB , DB, SFC , SFB, SDB) , the order number and the serial number from the PLC are read and stored in memory. Based on the reference data, the device continuously monitors the static memory area of S7-300 and S7-400 controllers. The program blocks are read in a user-specified interval and compared with the reference backup. When changes are executed to the program data, the system operator will be informed via an email or text messaging or a warning light or siren can be triggered from an output interface.

Manipulation by malware and viruses are recognized as unauthorized changes to the controllers program, the "times were carried out shortly" on the night shift. The connection to the controller is established via the MPI-/Profibus or Ethernet. For security reasons, the device is not accessible over the company network of the internet. Learn more.