I/O Image
Jump to navigation
Jump to search
I/O Image | |
---|---|
Technique | |
ID | T0877 |
Tactic | Collection |
Data Sources | Controller program |
Asset | Field Controller/RTU/PLC/IED |
Description
Adversaries may seek to capture process image values related to the inputs and outputs of a PLC. Within a PLC all input and output states are stored into an I/O image. This image is used by the user program instead of directly interacting with physical I/O.1
Procedure Examples
- Stuxnet copies the input area of an I/O image into data blocks with a one second interval between copies, forming a 21 second recording of the input area. The input area contains information being passed to the PLC from a peripheral. For example, the current state of a valve or the temperature of a device.2
Mitigations
- Mitigation Limited or Not Effective - This technique may not be effectively mitigated against, consider controls for assets and processes that lead to the use of this technique.
References