Device can detect malware on Siemens PLCs
The German remote maintenance specialist MB Connect Line has developed what is claimed to be the world’s first device that can detect viruses and malware, such as Stuxnet, on Siemens S7 PLCs.
Using a reference backup, the mbEagle device monitors the static memory area of S7-300 and S7-400 controllers continuously. Any changes caused by malware or viruses can be detected, as well as any “suspicious” changes to the control program. If it detects a change, the device sends an email or an SMS message to the operator.
The device also provides continuous backup of data. This ensures, for example, that any optimisations to recipes and setpoint changes are available immediately if the PLC hardware needs to be replaced. The recovery of the control program is executed directly via the mbEagle without needing any special software.
The device can be connected to a PLC via MPI-/Profibus or Ethernet. Configuration settings and modifications are performed via a Web browser. To ensure security, the device cannot be accessed via a corporate network or the Internet.
The mbEagle incorporates a four-port LAN switch, an RS-232/485 serial port, a WAN (wide area network) port for sending emails, two SIM card slots, a 3G modem, a USB host port, four digital inputs and two digital outputs. It supports GPRS, Edge, UMTS and HSPA+ networks.
MB Connect Line is planning to extend the mbEagle to support other PLCs.
In the UK, the device is available from Nacom Automation.