Blog
The Top 20 Secure PLC Coding Practices. Part 8 – Validate and alert for paired inputs / outputs
If you have paired signals, ensure that both signals are not asserted together. Alarm the operator when input / output states occur that are physically not feasible. Consider making paired signals independent or adding delay timers when toggling outputs...
Data Privacy, Data Security. Vol. I
Data Privacy. Privacy, in general terms, is the right to be free from intrusion and interference. In common language, the right to be left alone. In the legal systems of many countries, privacy is one of the fundamental human rights. In terms of Information...
The Top 20 Secure PLC Coding Practices. Part 7 – Validate timers and counters
If timer and counter values are written to the PLC program, they should be validated by the PLC for reasonableness, and backward counts below zero should be verified. Security Objective: Integrity of PLC variables. Target Group: Integration / Maintenance Service...
Small Business Cyber Security Response and Recovery. Part VI – Learn from the incident
How to prepare for a cyber incident, from response through to recovery. Part 6 - Learn from the incident. Once the incident has been resolved, it is important to review what has happened, learn from any mistakes, and update key information, controls &...
The Top 20 Secure PLC Coding Practices. Part 6 – Use cryptographic and / or checksum integrity checks for PLC code
Use cryptographic hashes, or checksums if cryptographic hashes are unavailable, to check PLC code integrity and raise an alarm when they change. Security Objective: Integrity of PLC Logic. Target Group: Product Supplier; Integration / Maintenance Service...
Small Business Cyber Security Response and Recovery. Part V – Report the incident to the wider stakeholders
How to prepare for a cyber incident, from response through to recovery. Part 5 - Report the incident to the wider stakeholders. After the cyber security incident has been resolved, the next step is to report its particulars to relevant internal and external...
The Top 20 Secure PLC Coding Practices. Part 5 – Use PLC flags as integrity checks
Put counters on PLC error flags to capture any math problems. Security Objective: Integrity of PLC Logic. Target Group: Product Supplier; Integration / Maintenance Service Provider. Guidance: If the PLC code was working fine but suddenly does a divide by zero,...
Small Business Cyber Security Response and Recovery. Part IV – Resolve the incident
How to prepare for a cyber incident, from response through to recovery. Part 4 - Resolve the incident. Once you have identified what type of cyber attack you have been subject to, collected all the necessary information on it, and contained the incident (these...
The Top 20 Secure PLC Coding Practices. Part 4 – Leave operational logic in the PLC wherever feasible
Leave as much operational logic, e.g., totalising or integrating, as possible directly in the PLC. The HMI does not get enough updates to do this well. Security Objective: Integrity of PLC Logic. Target Group: Product Supplier; Integration / Maintenance Service...
Small Business Cyber Security Response and Recovery. Part III – Identify what’s happening
How to prepare for a cyber incident, from response through to recovery. Part 3 - Identify what's happening. In order to be able to mitigate a cyber incident, one has to be aware in the first place that a cyber incident has taken or is taking place. It might...