2 minute read
INDUSTRY DIRECTIONS
Top 20 Secure PLC Coding Practices
By David Greenfield
dgreenfield@automationworld.com
Editor-In-Chief/ Director of Content Director of Content
Industrial cybersecurity has moved from being a topic of interest only to industrial and cybersecurity professionals to the forefront of mainstream media coverage as ransomware attacks have disrupted fuel and food supplies in the first months of 2021. There are many methods hackers use to infiltrate industrial control systems (ICS)—often through phishing methods used to extract sensitive passwords from employees. But that fact doesn’t relegate ICS security solely to the IT realm.
To help industrial companies protect the control systems used across industries, Admeritia—an operations technology-focused provider of cybersecurity software and services—has compiled a list of what it considers to be the top 20 secure PLC coding practices.
Following is a brief rundown of these top 20 practices: • Split PLC codes into modules using different function blocks and test each independently. • Track operating modes by keeping the
PLC in “run” mode; if a PLC is not in this mode, it should trigger an operator alarm. • Leave operational logic in the PLC where feasible rather than in other applications, such as the human machine interface (HMI). • Place counters on PLC error flags to capture any math problems in the code. • Use cryptographic hashes or checksums to check PLC code integrity and issue alarms when they change. • Validate timer and counter values in the
PLC code for “reasonableness” and verify backward counts below zero. • Ensure that paired I/O signals are not asserted together. I/O states considered unfeasible should trigger alarms. • Validate HMI input variables at the PLC, not just at the HMI. • Poison array ends to catch fence-post errors to validate indirections. • Assign designated register blocks for specific functions to validate data, avoid buffer overflows, and block external writes. • Instrument your control processes to allow for plausibility checks by crosschecking different measurements. • Ensure that operators can only enter input that’s physically feasible. Set a timer for how long an operation should take with alerts sent for any unexpected activities. • Disable ports and protocols not required for an application. • All data interface connections should be well defined and restricted to only allow read/write capabilities for the required data transfer. • Define safe states for the process in case of PLC restarts. • Summarize PLC cycle times every two to three seconds and report to HMI for visualization. • Log and trend PLC uptime on the HMI for diagnostics. • Store PLC hard stop events for retrieval by the HMI before PLC restarts. • Monitor PLC memory use and trend it on the HMI. • Identify critical alerts and program a trap for them that monitors their trigger conditions and the alert state for any deviation.
Full details of these PLC coding security practices can be downloaded from Admeritia’s Secure PLC Programming Project site at awgo.to/1226.
