{"id":37339,"date":"2021-06-23T10:23:38","date_gmt":"2021-06-23T08:23:38","guid":{"rendered":"https:\/\/eiposgrados.com\/?p=37339"},"modified":"2021-06-23T10:54:28","modified_gmt":"2021-06-23T08:54:28","slug":"20-best-practices-for-programming-plcs","status":"publish","type":"post","link":"https:\/\/eiposgrados.com\/eng\/blog-ciberseguridad\/20-mejores-practicas-para-programar-plcs\/","title":{"rendered":"20 practices for programming cyber-secure PLCs"},"content":{"rendered":"<p>On June 15, the <strong>ISA Global Cybersecurity Alliance (ISAGCA)<\/strong>, together with <strong>admeritia GmbH (admeritia)<\/strong>, published a document explaining <strong>best practices for programming PLCs<\/strong> to improve the IT security of PLCs and the plants they control.<\/p>\n\n\n\n<p>Would you like to learn how to protect IoT devices and train as a Cybersecurity Director? Visit our <a href=\"https:\/\/eiposgrados.edu.es\/master-en-ciberseguridad\/\" target=\"_blank\" rel=\"noopener\">Master in Cybersecurity Management, Ethical Hacking and Offensive Security<\/a> and learn with the best. 
<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is a Programmable Logic Controller (PLC)?<\/h2>\n\n\n\n<p>A PLC (Programmable Logic Controller) is a <strong>device<\/strong> commonly used in automation engineering and industrial automation to <strong>automate processes<\/strong>, such as the control of factory machinery and other production processes.<\/p>\n\n\n\n<p>ISA Global Cybersecurity Alliance is a collaborative forum to promote cybersecurity awareness, education, preparedness and knowledge sharing.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/eiposgrados.com\/wp-content\/uploads\/2021\/06\/20-mejores-practicas-para-programar-un-PLCs-1024x683.jpg\" alt=\"\" class=\"wp-image-37377\" width=\"585\" height=\"390\" title=\"\" srcset=\"https:\/\/eiposgrados.com\/wp-content\/uploads\/2021\/06\/20-mejores-practicas-para-programar-un-PLCs-1024x683.jpg 1024w, https:\/\/eiposgrados.com\/wp-content\/uploads\/2021\/06\/20-mejores-practicas-para-programar-un-PLCs-300x200.jpg 300w, https:\/\/eiposgrados.com\/wp-content\/uploads\/2021\/06\/20-mejores-practicas-para-programar-un-PLCs-768x512.jpg 768w, https:\/\/eiposgrados.com\/wp-content\/uploads\/2021\/06\/20-mejores-practicas-para-programar-un-PLCs-1536x1024.jpg 1536w, https:\/\/eiposgrados.com\/wp-content\/uploads\/2021\/06\/20-mejores-practicas-para-programar-un-PLCs-2048x1365.jpg 2048w, https:\/\/eiposgrados.com\/wp-content\/uploads\/2021\/06\/20-mejores-practicas-para-programar-un-PLCs-248x165.jpg 248w, https:\/\/eiposgrados.com\/wp-content\/uploads\/2021\/06\/20-mejores-practicas-para-programar-un-PLCs-190x126.jpg 190w, https:\/\/eiposgrados.com\/wp-content\/uploads\/2021\/06\/20-mejores-practicas-para-programar-un-PLCs-scaled.jpg 1920w\" sizes=\"(max-width: 585px) 100vw, 585px\" \/><\/figure><\/div>\n\n\n\n<p>According to admeritia GmbH, in the document <strong>we can 
find:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Guidance<\/strong>: Instructions, theory, background and explanations.<\/li><li><strong>Examples<\/strong>: Examples of implementation, or of what would happen if the practice were not implemented.<\/li><li>\u201c<strong>Why?<\/strong>\u201d: A list of benefits that implementing these practices will bring. They are almost always security benefits, but also maintenance and reliability benefits.<\/li><li><strong>References<\/strong>: References to standards and frameworks.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">20 Best Practices for Programming PLCs<\/h2>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>Modularize<\/strong> PLC code: divide the PLC code into modules.&nbsp;<\/li><li>Track operating modes. Keep the PLC in <strong>RUN mode.<\/strong><\/li><li>Leave the <strong>operational logic<\/strong> in the PLC whenever possible.<\/li><li>Use<strong> PLC flags<\/strong> as integrity checks.<\/li><li>Use <strong>cryptographic integrity checks<\/strong> and\/or checksums for the PLC code.&nbsp;<\/li><li><strong>Validate<\/strong> timers and counters.<\/li><li><strong>Validate and alert<\/strong> on paired inputs\/outputs.&nbsp;<\/li><li><strong>Validate HMI input variables<\/strong> at the PLC level, not just at the HMI.<\/li><li><strong>Validate<\/strong> indirections.&nbsp;<\/li><li>Assign designated<strong> register blocks <\/strong>by function (read\/write\/validate).&nbsp;<\/li><li>Instrument for<strong> plausibility checks.<\/strong>&nbsp;<\/li><li><strong>Validate<\/strong> inputs based on physical plausibility.<\/li><li><strong>Disable<\/strong> unnecessary\/unused communication ports and protocols.<\/li><li><strong>Restrict third-party data interfaces<\/strong>.<\/li><li>Define a<strong> safe process state<\/strong> in case of PLC reset.<\/li><li><strong>Summarize<\/strong> PLC cycle times and trend them on the 
HMI.&nbsp;<\/li><li><strong>Log uptime<\/strong> of the PLC and trend it on the HMI.<\/li><li><strong>Log hard stops <\/strong>of the PLC and trend them on the HMI.&nbsp;<\/li><li><strong>Monitor<\/strong> PLC memory usage and trend it on the HMI.<\/li><li><strong>Trap false negatives and false positives<\/strong> for critical alerts. Identify critical alerts and program a trap for those alerts.<\/li><\/ol>\n\n\n\n<p>The full report is available <a href=\"https:\/\/www.plc-security.com\/content\/Top_20_Secure_PLC_Coding_Practices_V1.0.pdf\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Do you know what a PLC is? We explain it and compile the 20 best practices for programming PLCs. Read on!<\/p>","protected":false},"author":51,"featured_media":37382,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[332],"tags":[],"class_list":["post-37339","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-ciberseguridad"],"acf":[],"_links":{"self":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/37339","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/users\/51"}],"replies":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/comments?post=37339"}],"version-history":[{"count":0,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/37339\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/media\/37382"}],"wp:attachment":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/media?parent=
37339"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/categories?post=37339"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/tags?post=37339"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}