On Design-time Security in IEC 61499 Systems: Conceptualisation, Implementation, and Feasibility

Cyber-attacks on Industrial Automation and Control Systems (IACS) are rising in numbers and sophistication. Embedded controller devices such as Programmable Logic Controllers (PLCs), which are central to controlling physical processes, must be secured against attacks on confidentiality, integrity and availability. The focus of this paper is to add design-level support for security in IACS applications, especially around inter-PLC communications. We propose an end-to-end solution to develop IACS applications with inherent, and parametric support for security. Built using the IEC 61499 Function Blocks standard, this solution allows us to annotate certain communications as 'secure' during design time. When the application is compiled, these annotations are transformed into a security layer that implements encrypted communication between PLCs. In this paper, we implement a part of this security layer focussed on confidentiality, called Confidentiality Layer for Function Blocks (CL4FB), which provides a range of encryption/decryption and secure key exchange functionalities. We study the impact of using CL4FB in IACS applications with real-time constraints. Through a case study focussing on protection functions in smart-grids, we show that varying levels of confidentiality can be achieved while also meeting hard real-time deadlines.