DoS Attacks Disrupting the Physical Processes of PLCs

Last year, researchers from the German universities Hochschule Augsburg and Freie Universität Berlin published the paper “You Snooze, You Lose: Measuring PLC Cycle Times Under Attacks”. It demonstrated how a denial-of-service (DoS) attack affects programmable logic controllers (PLCs): network flooding could disturb the physical processes that a device controls. The study covered 16 devices from six different vendors and clearly showed that network traffic could influence the processes controlled by industrial control systems (ICS). The researchers concluded that controllers with default configurations are susceptible to DoS attacks.

Another research also found that over half of attacks that targeted at the technology sector DoS/DDoS attacks accounted for 25% of them.

On December 12, 2019, ICS-CERT released an advisory on the CVE-2019-10953 flaw. Apart from a risk evaluation and technical details, it contained responses from the affected vendors. According to the National Vulnerability Database, controllers with the CVE-2019-10953 flaw suffer a DoS condition when flooded with network packets. The flaw received a CVSS (Common Vulnerability Scoring System) score of 7.5, after which it was declared a “high severity” flaw.

Phases of a PLC cycle time

Cybersecurity experts believe that DoS attacks impact industrial systems more than IT systems. Such an attack targets the cycle time of a PLC, which consists of four critical phases:

  • Reading inputs (for example, use of sensors),
  • Executing program,
  • Performing diagnostics and communication tasks and
  • Generating output.

These four phases together make up the PLC cycle time, which usually ranges from 1 to 10 milliseconds. The DoS attack targets this cycle time to cause major disruptions in PLC-controlled processes.

PLCs react to this flaw differently: some completely stop updating outputs, while others respond by slowing down. Because threat actors don’t need to know the specifics of the physical processes controlled by the PLCs before sending crafted network traffic, the attack can be launched in two ways:

  • From the internet directly
  • From a compromised device located on the same network

This form of DoS attack affects not only the network side of the PLC but also the processes controlled by the affected PLC. Interestingly, it doesn’t have any impact on network connectivity.
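
Because the effect shows up in output updates rather than in network reachability, one way to watch for it is to measure the cycle time from the process side. The following Python is an added example, not code from the paper or the advisory. It assumes the PLC program toggles a heartbeat output once per cycle and that an external monitor records the toggle times; the function name, thresholds and sample trace are constructed for illustration.

```python
from statistics import median

# Constructed trace: heartbeat toggle times in ms. A steady 5 ms cycle,
# then cycles stretch to 12-14 ms, then the output stops changing.
SAMPLE_UPDATES_MS = [0, 5, 10, 15, 20, 25, 30, 42, 55, 69]
SAMPLE_OBSERVED_UNTIL_MS = 400


def classify_cycles(update_ms, observed_until_ms, baseline_n=5,
                    slow_factor=2.0, stall_ms=100):
    """Classify PLC behaviour from output-update timestamps (milliseconds).

    update_ms: times at which the heartbeat output changed (assumed to be
    once per cycle). observed_until_ms: time at which monitoring ended.
    Returns (baseline_ms, events); each event is (time_ms, kind, value_ms),
    where kind is "slowed" or "stalled".
    """
    if len(update_ms) < baseline_n + 1:
        raise ValueError("need at least baseline_n + 1 updates")
    cycles = [b - a for a, b in zip(update_ms, update_ms[1:])]
    if any(c <= 0 for c in cycles):
        raise ValueError("timestamps must be strictly increasing")
    # Baseline is the median of the first cycles, taken as known-good.
    baseline = median(cycles[:baseline_n])
    events = []
    for t, c in zip(update_ms[1:], cycles):
        if c >= stall_ms:
            events.append((t, "stalled", c))      # outputs froze, then resumed
        elif c > slow_factor * baseline:
            events.append((t, "slowed", c))       # cycle time stretched
    # Outputs that never resume leave no closing timestamp: check the tail.
    tail = observed_until_ms - update_ms[-1]
    if tail >= stall_ms:
        events.append((observed_until_ms, "stalled", tail))
    return baseline, events


if __name__ == "__main__":
    base, found = classify_cycles(SAMPLE_UPDATES_MS, SAMPLE_OBSERVED_UNTIL_MS)
    print(f"baseline cycle: {base} ms")
    for when, kind, value in found:
        print(f"t={when} ms  {kind}  ({value} ms since previous update)")
```

The two event kinds correspond to the two reactions described above: controllers that slow down and controllers that stop updating outputs entirely.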

Organizations need the intervention of a Certified Network Defender (C|ND) who can identify potential threats and keep devices safe from cybercriminals. The C|ND program helps attendees protect against, detect, and respond to network attacks, including DoS attacks. Their skills save enterprises from numerous network-based threats. The program also offers hands-on experience to make you job-ready.


What is a PLC?
A programmable logic controller is an industrial computer that controls heavy machines and processes. It monitors the state of input devices and makes decisions on the state of output devices. Because PLCs are connected to networks, they give rise to security concerns.

What is a DoS attack?
It is a network-based attack where a perpetrator floods the targeted network with unwanted traffic. The most common form of DoS attack is DDoS, which stands for Distributed Denial of Service attack.