Computer systems have found numerous applications in the industrial automation environment and are employed ubiquitously throughout, e.g., to control and/or monitor the operation of a process, machine, tool, device, and the like. To facilitate control of a process, etc., one or more controllers (e.g., a programmable logic controller (PLC)) are utilized with input/output (I/O) devices controlling operation of the process along with gathering process information (e.g., measurements, data, values, parameters, variables, metadata, etc.) pertaining to how the process is performing.
As highlighted by the STUXNET attack, discovered in June 2010, process control operations, and PLCs in particular, have become a focus for malicious attack, such as a computer worm, virus or other malware. As a generalized overview, the STUXNET attack involved a computer worm taking control of a PLC, the PLC was controlled to effect destruction of a component and/or apparatus while at the same time, the PLC was reporting that the component/apparatus was operating correctly. A contemporary approach for verification of PLC integrity can involve requesting content of the PLC firmware and/or logic over a network, whereby the integrity of the PLC can be remotely determined. In another approach, traffic (e.g., data, commands, etc.) can be examined as it flows into and/or out of a control network associated with the PLC. However, as mentioned with regard to the STUXNET attack, the firmware/logic read-back approach and the traffic on the control network can be subverted.