The global site of the UK's leading magazine for automation, motion engineering and power transmission
14 April, 2024

Twitter link

Free guide lists ‘top 20’ secure PLC coding practices

16 June, 2021

The ISA Global Cybersecurity Alliance (ISAGCA) has joined forces with the German industrial IT security specialist admeritia to produce a document that provides a list of coding practices for PLC programmers designed to improve the IT security of PLCs and the plants they control.

For many years, PLCs have been insecure by design. Although best practices have been adopted from the world of IT, resulting in secure protocols, encrypted communications, network segmentation and so on, there has not been a focus to date on using the characteristic features in PLCs (or Scada/DCS) for security, or how to program PLCs with security in mind. The Top 20 Secure PLC Coding Practices document is intended to fill that gap.

The aim of the freely downloadable 44-page document is to provide guidelines for engineers that program industrial controls using languages such as ladder logic and function charts, to help improve the security of their systems.

The public-sourced practices make use of functions built into PLCs and DCSs. Little or no additional software tools or hardware are needed to implement them. They can fit into normal PLC programming and operating workflows.

Dale Peterson, who created the S4 series of OT and IT cybersecurity events, explains the background to the new document. “At S4x20 event,” he says, “Jake Brodsky [a Scada and ICS security engineer with the US Federal Energy Regulatory Commission] identified that engineers and others who are programming and configuring PLCs are not being taught security practices. It's gratifying that the community – including organisations like ISAGCA – came together to fill this gap by creating and making freely available the Top 20 PLC Secure Coding Practices.”

“ISAGCA is pleased with the project's release and are looking forward to its future utilisation for our members,” adds ISAGCA managing director, Andre Ristaino. “The Top 20 Secure PLC Coding best practices document is sure to benefit the entire automation community in the ever-important PLC space.”

The ISA Global Cybersecurity Alliance has 50 member companies, representing more than $300bn in combined revenues. Its members include Eaton, Ford, Honeywell, Johnson Controls, Rockwell Automation, Schneider Electric and Xylem.

Admeritia, founded in 2004, focuses on IT and OT security for industrial control systems.

AdmeritiaTwitter  LinkedIn

  • To view a digital copy of the latest issue of Drives & Controls, click here.

    To visit the digital library of past issues, click here

    To subscribe to the magazine, click here



"Do you think that robots create or destroy jobs?"



Most Read Articles