As you may know, the industrial Raspberry PLC OS is Raspbian which is based on Linux and, like all the other distributions, takes profit from Linux security advantages and the open-source PLC Raspberry Pi.
Linux is one of the most secure Operating Systems nowadays and even more for Raspberry Pi automation. The main reason for this is, as it is open source, numerous corporations, independent developers and users are always focused on ensuring and improving the built-in security of the OS. The updater included in every Linux distribution provides constant security updates for its software applications and the OS itself. Thanks to this, most of the vulnerabilities are erased and patched more quickly compared to the other OS.
The key point you should consider are as follows:
Why is Linux more secure for a programmable logic controller?
Using Linux distributions ensures all kinds of updates and upgrades: security, drivers, applications, software and general OS. All of them are free of charge and come from trusted and verified sources. As all the main functionalities are integrated into the system or can be downloaded from trusted sources as Linux distribution repositories, there is no need of downloading software from insecure sites that can contain malware or Junkware.
Linux is coded considering security one of its pillars; updates are constant and take into account the OS as well as all its components. For this reason, you always have the best protection as the last security implementations are applied.
Linux-based systems can be infected by viruses, but its resistance in front of them is the OS structure against all kinds of malware. So the incessant updates do not allow the possibility of creating a proper virus, so there is no time enough. Even if your OS shows some vulnerabilities, there is a low percentage of suffering real damages as the main malware are designed to attack more popular systems like Windows.
An important feature is the user's roles and their administration by default. "Root" users, on most of the other OS, have permission to execute almost all possible applications, including damage to the system itself or cause insecurities. A clear example can be that, other OS, base the program choice to open a file in its name extension and this behavior makes the way easier to being attacked. Whereas in Linux, the file extension is only an "agreement" and every file has its own type independently of that. In the case of a malicious program camouflaged with the name "Text_documentation.docx", for example, Linux will recognize the file as a program, not as a DOCX document. The system will warn you about that and you only be able to execute it by providing the administrator password.
Secure Shell (SSH)
The main communication method to access the Raspberry Pi based PLC is through SSH. Secure Shell Protocol is a cryptographic network protocol that allows the operations with network services securely, independently of the network security level. This method provides a secure channel over an insecure network by using a client-server architecture.
SSH uses an encryption method called public-key cryptography to authenticate the remote computer and allow it to authenticate the user if required. Although there are several SSH configuration methods, the most common one is to use automatically generated public-private key pairs to encrypt the network connection and use password authentication to log on. It is also possible to generate the key pair manually, allowing the users or programs to log in without specifying a password. In this case, anyone can produce a matching pair of different keys. The public key is located in all the devices that must allow access to the owner of the matching private key.
Authentication is based on the private key, but this one is never sent through the network in the authentication period. SSH verifies that the same user, who offers the public key, also owns the matching private key. In Secure Shell, it is always important to verify unknown public keys before accepting them as valid, as accepting a non-authorized key will authorize a possible attacker as a valid user.
Other supported security methods for industrial control
Depending on the communication method of the industrial Raspberry Pi PLC, it can be used with multiple numbers of protocols. In most cases, each protocol has its own security method. For example, TCP/IP protocol can apply AES (Advanced Encryption Standard), TLS (Transport Layer Security) or SSL (Secure Socket Layer).
Although Linux cannot sound as popular as Windows or Mac operating systems, it is one of the most used. It is around us in our everyday life, so most of the servers have Linux, a lot of international companies like Redhat, Samsung, IBM and Google, use it. Even so, Mac OS is based on Linux, as well as Android, the most popular cell phone OS. These corporations, as well as the individual users and developers, provide security fixes because they provide improvements in Linux itself. This is a retroactive relationship that benefits the users and the OS together.