June 16, 2021
For many years, Programmable Logic Controllers (PLCs) have been insecure by design. Well, secure coding practices don’t exist for PLCs too. But, it is now thing of the past!
The aim of this project by PLC Security is to provide guidelines to engineers that are programming PLC to help improve the security posture of Industrial Control Systems. These practices leverage natively available functionality in the PLC/DCS. Little to no additional software tools or hardware are needed to implement these practices. They can all be fit into the normal PLC programming and operating workflow. More than security expertise, good knowledge of the PLCs to be protected, their logic, and the underlying process is needed for implementing these practices. To fit the scope of the Top 20 Secure PLC Coding practices list, practices need to involve changes made directly to a PLC.
The “Top 20 Secure PLC Programming Practices” contains the distilled wisdom of hundreds of PLC programmers, engineers, and security experts. This is a must read for every ICS security professional and PLC programmer, it is a specific guideline for coding a programmed PLC to help thwart a cyber-physical attack.