Cybersecurity: Programmable Logic Controllers

Overview
On behalf of the Auditor’s Office, CP Cyber LLC conducted a cybersecurity assessment of an agency within the City and County of Denver. This assessment found some areas of strength and some areas that need improvement. Because of the information security sensitivities involved with this assessment, these issues have been communicated. This report gives a general overview of programmable logic controllers.
Programmable logic controllers
Programmable logic controllers are computer control systems that are commonly used in industrial control and automation applications. They are responsible for controlling and monitoring various processes and machines within a facility. Programmable logic controllers are highly reliable and efficient, which makes them an essential part of many industries.
There are many examples of programmable logic controllers being used in Denver. One example is using them to power a pump for a relief valve based on pressure sensors during times of stormwater surge. Another example is using programmable logic controllers to provide voltage to traffic lights based on inputs from traffic controllers, cameras, road sensors, and pedestrian walk buttons. Programmable logic controllers are also commonly used in heating, ventilation, and air conditioning systems, and even in golf course irrigation systems.
Risks of using programmable logic controllers
Like any computer-based system, programmable logic controllers are vulnerable to security risks. One such risk is unauthorized access. When they are connected to networks that can be accessed remotely, anyone with the right credentials can gain access to the system. This presents a significant risk, as an attacker could potentially take control of the programmable logic controller and manipulate the functions it controls. For example, an attacker could change the temperature of a furnace, disrupt the flow of a production line, or even shut down a facility.
The security risks associated with programmable logic controllers are significant because they can have serious consequences for a facility and the people who work there. In some cases, security breaches could result in financial losses, legal liabilities, and damage to the facility. In other cases, they could lead to injuries or even fatalities. For example, if an attacker were to take control of a programmable logic controller that controls a chemical process, they could potentially cause a chemical spill or release toxic fumes, which could be dangerous for workers and the surrounding community.
To mitigate the security risks associated with programmable logic controllers, it is essential to implement proper security measures. This can include regularly updating the programmable logic controller software, using strong passwords and credentials, and installing firewalls and other security measures to protect the system from external threats. It is also important to train employees on the importance of cybersecurity and how to identify and report potential security threats.

AUDITOR TIMOTHY O'BRIEN, CPA
Denver Auditor
Denver Auditor's Office
201 W. Colfax Ave. #705 Denver, CO 80202
Email: auditor@denvergov.org
Call: 720-913-5000
