Protection against physical access 

Protection against physical access is an important requirement for OT devices (component). Attackers may access the hardware and try to manipulate the firmware, configuration, or applications.

IEC 62443 describes major attack vectors, like:

  • non-operational
    • transferring the component from the manufacturer to the system integrator
    • transferring the component installed  to the asset owner in a cabinet together with the machine
    • storing the component on stock
  • commissioning/maintenance
    • accessing the component by the service personal
  • operational
    • recognize physical access to the component during running

Even if PLCnext Control devices provide already several tampering protection mechanisms, the potential physical access needs to be supervised by the system integrator, the service provider, and the asset owner. This is done by using additional organizational measures defined in their Information Security Management System (ISMS). Such measures are for example described in IEC 62443-2-4 and IEC 62443-3-3, as well as in ISO IEC 27001.

Risk of unauthorized access to devices

The safety controller RFC 4072S has a touch screen display and is used with an external SD card. This makes unencrypted information available. To prevent damage, data corruption, loss of data, or misuse of data due to authorized access, make sure that only authorized access is possible.

  • Protect the interfaces by installing the devices in a control cabinet.
  • Secure the control cabinet with a lock.
  • Make sure that only authorized persons have access to the control cabinet key.
  • Run cables in such a way that they are protected against unauthorized access.

PLCnext Control devices provide security measures to support organizational measures by:

  • Security seals (security void) to protect the housing as well as indicating opening attempts.
  • CabinetDoorState library providing the possibility to generate security notifications based on lockable, supervised cabinets.
  • Disabled communication on external interfaces, e.g. SD card slot, USB connector

Shipping packaging

Stickers are attached to the packaging to prevent tampering with the device during shipping (e.g. by installing a different firmware) and to detect unauthorized opening of the packaging.

  • Make sure that the packaging has not yet been opened. To do this, check that the sticker on the box of the PLCnext Control is intact.  

If the sticker on the box is damaged, you must not use the device!

  • If you notice any damage to the packaging, contact Phoenix Contact immediately.

Measures for shipment

If a PLCnext Control is delivered from the system integrator to the asset owner, the following measures must be taken into account:

  • There must be no customer-specific data on the internal SD card.
  • Only use external, encrypted SD cards and send them in a separate package from the PLCnext Control.
  • Prepare the PLCnext Control so that it can be used with the external SD card (set up the recovery password).
  • Send the recovery password and the encryption password separately from the PLCnext Control and SD card.
  • Preferably, PLCnext Control, SD cards and passwords should be shipped individually in sealed packaging with security seals.

Security seals

In order to prevent manipulation of the device supplied and to detect unauthorized opening of the device, security seals have been applied to the controller. These security seals are damaged in the event of unauthorized opening. In this case, correct operation of the controller can no longer be ensured.

For more information, refer to the corresponding topic of the controller (e. g. AXC F 2152 ). 

Cabinet supervision

To protect the PLCnext Control during operation, commissioning, and maintenance an example application and library can be installed via the app "IEC 62443 Cabinet Supervision" in the PLCnext Store.  It contains the CDS_SendNotification function block which can be connected to one or more cabinet supervision contacts. If the status of the cabinet door supervision contacts is changed, the function block is generating security notifications which may indicate an unauthorized access.

To supervise the control cabinet door, add the CDS_SendNotification function block into your program, connect it with the cabinet supervision contact, setup the notification text according to your organizational measures, and you will be notified about every action at the cabinet's door.

From the app "IEC 62443 Cabinet Supervision" you must install the function block libraries CDS_Security and RSC_Notifications.

To use theCDS_SendNotificationfunction block, proceed as follows: 

  • Open your project in the PLCnext Engineer. show moreshow more

     For further information on PLCnext Engineer, refer to the PLCnext Engineer Quick Start Guide in the main PLCnext Technology ‑ Info CenterStarting with release 2022.0 LTS, the PLCnext Engineer embedded help is also online available.

  • From the Libraries section of the COMPONENTS area, insert theRSC_Notificationsfunction block example into your program.
  • Instantiate one function block per cabinet door to be supervised.
  • Assign inputs and outputs of the function blocks.
    Note: The default setting of the IN ports is NC (normally closed). If you use an NO contact (normally open), you must adjust the string accordingly.
  • Save and transfer your project to the controller.

Now you will receive messages about the status of your control cabinet via the Web-based Management (WBM) on your PLCnext Control:

In the Notification area at the bottom you will see the following notification: 

For more information on how to work with function blocks in PLCnext Engineer, see the Quick Start Guide section of the main PLCnext Technology ‑ Info Center, or refer to the respective section in the PLCnext Engineer Help which is online available.

For more information on how to use the function blocks, see the app documentation on the app's details page in the PLCnext Store.

Disabled communication on external interfaces

The housing of PLCnext Control AXC F 1152AXC F 2152, and AXC F 3152 provides two major external interfaces:

  • Mini USB port
    The mini USB port is switched off by the firmware and cannot be accessed.
  • External SD card slot
    The communication with the SD card slot is deactivated by the Security Profile.
    It might be enabled in the Web-based Management after risk assessment, but only using a special SD card supporting encryption (Phoenix Contact item no. 1151112 or item no. 1151111). 

SD cards

  • Check the delivery of the SD card for transport damage.

Security iconIf the packaging is opened or damaged, there is a security risk. The SD card could have been tampered with.
  • You must not use the SD card! In this case, contact Phoenix Contact immediately.

 

 

 


• Published/reviewed: 2024-12-16 • Revision 016 •