Yuting666
Hi Manager,

I'm new to OpenPLC and SCADABR, how can I apply more security features/measures to prevent hackers from hacking or false data injection? Thanks!

Your help will be greatly appreciated!

Regards,
OpenPLC Enthusiast
Quote 0 0
thiagoralves
This is not a simple question. PLCs are vulnerable to attacks by default, and OpenPLC is not different (as its main objective is to emulate traditional PLCs). Your best bet is to correctly isolate your OT network and place firewall rules that establish exactly which device is allowed to talk to your PLCs. This will greatly reduce your risk
Quote 0 0
evranch
As thiagoralves states, PLCs should not be exposed to the internet. They often have backdoors or default settings allowing easy access for maintenance. This is a good thing, because when you show up on a new site to fix a PLC issue, passwords were usually scrawled on a paper that has been lost somewhere.

Modbus/TCP and other Ethernet fieldbus protocols are vulnerable to data injection by their nature. They are not encrypted or authenticated and a rogue device can easily seize total control of the network. If remote access is not explicitly required, we air-gap the entire system including the SCADA/HMI hardware. If remote access is required, we use a hardware VPN appliance as the only point of contact. That is my recommendation if your system is being used for anything other than hobby experimentation.

OpenPLC seems fairly reliable and ready to be used for low criticality systems, I have about 6 months of uninterrupted uptime on a device here at my farm doing temperature and lighting control. But if your process is critical enough that you are concerned about attack, I would purchase a proven commercial PLC. Remember that the Raspberry Pi is still vulnerable to SD card corruption! 
Quote 0 0