What makes PLCs especially difficult to secure?

PLCs are designed for deterministic real-time control, where any unexpected load or interruption can cause process failures. They cannot handle the network traffic generated by vulnerability scanners. They run proprietary OS environments that don't support third-party software. Their communication protocols (Modbus, EtherNet/IP, Profinet) have no authentication. And they often cannot be taken offline for patching without significant operational planning and downtime.

Definition

PLC (Programmable Logic Controller)

An industrial computer that automates physical processes in manufacturing and critical infrastructure. PLCs are high-value attack targets that typically run decades-old firmware without any endpoint security.

What is PLC (Programmable Logic Controller)?

A Programmable Logic Controller (PLC) is a ruggedized industrial computer that executes automated control logic for physical processes — monitoring sensor inputs and issuing control outputs to actuators, motors, valves, and other mechanical systems. PLCs are the workhorses of industrial automation: they control assembly lines, regulate chemical processes, manage power distribution, operate water treatment systems, and automate hundreds of other industrial functions.

PLCs are among the highest-value targets in industrial cybersecurity. Compromising a PLC means compromising the physical process it controls. This was demonstrated definitively by Stuxnet, which targeted Siemens S7 PLCs and caused centrifuges to spin at damaging speeds while reporting normal operation to operators. More recent attacks have demonstrated similar capabilities against PLCs controlling water treatment systems and electric grid equipment.

The security challenge is that PLCs were designed for reliability and determinism, not security. They typically run proprietary real-time operating systems, use protocols with no authentication (Modbus TCP, EtherNet/IP, Profinet), and were designed for isolated industrial networks where the threat of unauthorized command injection wasn't anticipated. They cannot run security agents, cannot be scanned without risk of disruption, and often cannot be patched without vendor involvement and operational downtime.

Key Facts

Stuxnet, the first known cyber weapon, specifically targeted Siemens S7-315 and S7-417 PLCs
PLCs from Siemens, Rockwell Allen-Bradley, Schneider Electric Modicon, and Mitsubishi are most widely deployed
Most PLCs support no authentication on their primary programming and control protocols
ICS-CERT regularly publishes PLC-specific security advisories with no available patches for legacy hardware

How ORDR Addresses PLC (Programmable Logic Controller)

ORDR discovers PLCs passively using protocol fingerprinting and traffic analysis, classifies them by manufacturer, model, and firmware version, and monitors their communication behavior for anomalies — unauthorized write commands, unexpected communication sources, protocol deviations that may indicate attack activity. ORDR never sends active probes to PLCs, ensuring monitoring doesn't affect process stability.

See ORDR in action

Frequently Asked Questions

Back to Glossary

Protect your operational technology.

ORDR discovers and monitors every OT asset in real time—even legacy PLCs and SCADA systems that cannot run agents.

REQUEST A DEMO OT Security Solutions