News IHU

Round Table Discussion: "Prospects for Enhancing Security and Developing Secure Industrial Controllers to Counter the Growing Cyber Threat"

On March 17, 2025, the scientific and technical club "Automation of Technological Processes Based on Industrial Controllers" of the Faculty of Cybersecurity, Software Engineering, and Computer Science at the International Humanitarian University, led by Associate Professor of the Department of Information Technologies S.G. Khnyunin, held a discussion.

📅 Date: March 17, 2025

🏛 Location: Faculty of Cybersecurity, Software Engineering, and Computer Science, International Humanitarian University

🔹 Topic: "Prospects for Enhancing Security and Developing Secure Industrial Controllers to Counter the Growing Cyber Threat"

During the discussion, key trends and critical directions were examined that are becoming increasingly important in the face of cybersecurity threats and could significantly impact the development of Programmable Logic Controllers (PLCs) in the coming years.

🔹 Key Topics Discussed:

  • Threat and Vulnerability Analysis: Regular assessment of potential threats and vulnerabilities in PLC software and hardware helps identify weak points and implement measures to mitigate risks.
  • Data Encryption: Implementing modern encryption methods for data transmission between PLCs and other devices helps prevent unauthorized access and man-in-the-middle attacks.
  • Authentication and Authorization: Introducing multi-factor authentication and strict authorization mechanisms limits access to systems to only authorized users.
  • Regular Updates and Patches: Developing timely update systems for PLCs, including security patch installations, minimizes risks associated with outdated software.
  • Network Segmentation: Dividing network infrastructure into multiple segments helps contain cyberattacks and improve overall system security.
  • Incident Monitoring and Response: Implementing monitoring systems capable of detecting anomalies in PLC operation, signaling potential cyberattacks, and developing an incident response plan ensures swift threat mitigation.
  • Use of Secure Communication Protocols: Applying secure protocols for data exchange between PLCs and other devices (e.g., MQTT with TLS, OPC UA with security features) protects information from interception.
  • Staff Training: Educating employees on cybersecurity fundamentals and safe PLC operation practices reduces the likelihood of human-factor-related errors.
  • Integration with Security Management Systems: Incorporating PLCs into an enterprise's overall cybersecurity strategy, including integration with Security Information and Event Management (SIEM) systems, enhances security and incident management.
  • Standards and Certification Compliance: Adhering to international security standards, such as IEC 62443 or NIST SP 800-53, ensures a high level of protection and regulatory compliance.

Developing secure PLCs requires a comprehensive approach that includes both technical and organizational measures. Given the rapid advancement of technology and the increasing number of cyber threats, ensuring security has become a top priority for PLC manufacturers and users alike.