Security Practices for IEC 61131-3 PLC Programming Languages Part 3: FBD
By Isiah Jones VP, Global ICS Security Service Delivery & Brian Foster Sr ICS Cybersecurity Engineer
Within the industrial control systems (ICS), automation, operational technology (OT), cyber-physical systems (CPS), industrial internet of things (IIoT) and instrumentation communities many of the devices with some form of computing and logical capabilities rely on 5 primary programming languages specific to programmable logic controllers (PLCs) that are defined in IEC 61131-3 as Sequential Function Chart (SFC), Ladder Diagram aka Ladder Logic (LD), Function Block Diagram (FBD), Instruction List (IL) and Structure Text (ST). In the IT community OWASP, NIST, SANS, CMMI, ISC2 and EC-Council, among others, have already created secure coding and secure development guidelines, best practices, testing tools and tips for higher level languages such as C, C++, Java, Python, JSON, HTML, XML, SQL and others. Some could argue that Structure Text includes several of these high-level languages. However, there has not been much focus by international standards organizations or industry experts on implementing security within the other 4 primary PLC focused languages in ICS. As a result, we wanted to share some of our recommendations for each of the IEC 61131-3 PLC languages in a 5-part blog series and aggregated white paper. In part 1 of our series we focused on Sequential Function Chart (SFC) and in part 2 we focused on Ladder Diagram or Ladder Logic (LD). Here in part 3 we will focus on Function Block Diagram (FBD).
Function Block Diagram
Function Block Diagram or FBD is a graphical language that allows you to create blocks of functions that group relationships between inputs and outputs. Various data types and mathematical functions are grouped into a block and the inputs and outputs state or condition is altered based on the function of the block. Each block has a symbol that represents a function such as OR which is represented by the symbol “ >=1” for example. The inputs and outputs from one block can be linked to another block enabling a graphical flow that shows the path that an input of one data type takes through a program, processed by different functions until it reaches a final output to achieve the purpose of the program and the overall designed process. The blocks themselves and linking various types of blocks together enables users to create very complex logic in a very graphical easy to follow manner.
Within FBD we believe the below recommended practices would improve the secure design and usage of FBD within ICS devices by adding security, safety and resilience supportive concepts within the FBD logic for all devices and operations that operate using FBD. These recommended practices are in no particular order and this is not an all-inclusive list.
We know there are many more possible best practices and recommendations that experienced individuals within the community can come up with. We wanted to be part of increasing the conversation for the creation of some formalized and well documented best practices guidelines for each of the 5 IEC 61131-3 PLC languages. Part 4 of this series will focus on Instruction List (IL). We encourage our global multisector community of automation and control systems creators, installers, integrators, regulators, international standards organizations, testing labs, safety and risk assessors, pentesters and end users to think of and enforce the implementation of more recommended practices to increase our level of due diligence in our attempts to improve the assurance levels of infrastructures the public depends on for daily life.
Isiah has over 13 years of progressive experiences in information technology and systems, information assurance, information security, cybersecurity, operational technology or industrial control systems security, national security and critical infrastructure security.