A Quad-Redundant PLC Architecture for Cyber-Resilient Industrial Control Systems

Due to their importance in modern critical infrastructure, industrial environments, and military platforms, programmable logic controllers (PLCs) must be protected from cyberattacks. This letter presents a quad-redundant architecture for PLCs to achieve cyber-resilience against hacking. Typical redundancy schemes for PLCs provide robustness against physical damage and random faults, but exhibit severe vulnerabilities to software hijacking and other cyberattacks. The proposed quad-redundant architecture combines software diversification and hardware redundancy to harden PLCs and provide high-assurance protection against software hijacking, and improves cyber-resilience by securely regenerating PLC instances that succumb to cyberattacks. A chilled-water system and memory corruption attack scenario are simulated with control hardware-in-the-loop to evaluate the cyber-resilience achieved by the proposed architecture and demonstrate successful recovery from cyberattacks. Results show that the proposed architecture can successfully detect, thwart, and recover from software hijacking cyberattacks that would otherwise be extremely difficult to detect.