
20 practices for programming cyber-secure PLCs

On June 15, the ISA Global Cybersecurity Alliance (ISAGCA), together with admeritia GmbH (admeritia), published a document explaining best practices for programming PLCs that improve the IT security of the PLCs and of the plants they control.


What is a Programmable Logic Controller (PLC)?

A PLC (Programmable Logic Controller) is a device commonly used in automation engineering or industrial automation to automate processes, such as the control of factory machinery and other production processes.

ISA Global Cybersecurity Alliance is a collaborative forum to promote cybersecurity awareness, education, preparedness and knowledge sharing.

20 best practices for programming a PLC

admeritia GmbH indicates that the document contains:

  • Guidance: Instructions, theory, background and explanations.
  • Examples: Examples of implementation, or examples of what would happen if the practice were not implemented.
  • Why?: A list of benefits that implementing these practices will bring. They are almost always advantages for security, but also for maintenance and reliability.
  • References: References to standards and frameworks.

20 Best Practices for Programming PLCs

  1. Modularize PLC code: divide the PLC code into modules.
  2. Track operating modes. Keep the PLC in RUN mode.
  3. Leave the operational logic in the PLC whenever possible.
  4. Use PLC flags as integrity checks.
  5. Use cryptographic integrity checks and/or checksums for the PLC code.
  6. Validate timers and counters.
  7. Validate and alert on paired inputs/outputs.
  8. Validate HMI input variables at the PLC level, not just at the HMI.
  9. Validate indirections.
  10. Assign designated register blocks by function (read/write/validation).
  11. Instrument for plausibility checks.
  12. Validate inputs based on physical plausibility.
  13. Disable unnecessary/unused ports and communication protocols.
  14. Restrict third-party data interfaces.
  15. Define a safe process state in case of a PLC restart.
  16. Summarize PLC cycle times and trend them on the HMI.
  17. Log PLC uptime and trend it on the HMI.
  18. Log PLC hard stops and trend them on the HMI.
  19. Monitor PLC memory usage and trend it on the HMI.
  20. Trap false negatives and false positives for critical alerts. Identify critical alerts and program a trap for those alerts.
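
As an illustration of practice 8 (validating HMI input at the PLC level), here is an added example in IEC 61131-3 Structured Text; it is not taken from the ISAGCA/admeritia document. The block name, variable names and the 20.0 to 80.0 range are assumptions chosen for the example.

```iecst
(* Added example: PLC-side guard for a setpoint written by the HMI.
   All names and limits are hypothetical. The limits are constants in
   the PLC, so they cannot be changed from the HMI. *)
FUNCTION_BLOCK FB_HmiSetpointGuard
VAR_INPUT
    rHmiValue : REAL;          (* value written by the HMI, untrusted *)
END_VAR
VAR_OUTPUT
    rSetpoint : REAL := 50.0;  (* last accepted value; control logic reads only this *)
    bRejected : BOOL;          (* TRUE while the current HMI value is refused *)
    nRejects  : UDINT;         (* number of refusals, to alarm and trend on the HMI *)
END_VAR
VAR CONSTANT
    R_MIN : REAL := 20.0;      (* lowest value the process tolerates (assumed) *)
    R_MAX : REAL := 80.0;      (* highest value the process tolerates (assumed) *)
END_VAR
VAR
    bWasRejected : BOOL;       (* previous scan's bRejected, for edge detection *)
END_VAR

(* Accept only on a positive range match. On IEEE 754 targets a NaN
   fails both comparisons, so it is refused as well. *)
IF (rHmiValue >= R_MIN) AND (rHmiValue <= R_MAX) THEN
    rSetpoint := rHmiValue;
    bRejected := FALSE;
ELSE
    (* Out of range: keep the last accepted setpoint and flag it. *)
    bRejected := TRUE;
END_IF;

(* Count each new refusal once, without letting the counter wrap. *)
IF bRejected AND NOT bWasRejected AND (nRejects < 16#FFFFFFFF) THEN
    nRejects := nRejects + 1;
END_IF;
bWasRejected := bRejected;
END_FUNCTION_BLOCK
```

The control logic reads `rSetpoint` rather than the HMI tag, so a value that bypasses the HMI's own input mask never reaches the process.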

We leave you the link to see the full report here.
