Blog
The Top 20 Secure PLC Coding Practices. Part 3 – Track operating modes
Keep the PLC in RUN mode. If PLCs are not in RUN mode, there should be an alarm to the operators. Security Objective Target Group Integrity of PLC Logic Integration / Maintenance Service Provider Asset Owner Guidance If PLCs are not in RUN mode (e.g.,...
Small Business Cyber Security Response and Recovery. Part II – Prepare for incidents
How to prepare for a cyber incident, from response through to recovery Part 2 - Prepare for incidents Identify critical assets, systems, and contacts Critical assets Establish what type of digital information is necessary to allow your enterprise to continue...
The Top 20 Secure PLC Coding Practices. Part 2 – Modularise PLC code
Split PLC code into modules, using different function blocks (sub-routines). Test modules independently. Security Objective Target Group Integrity of PLC Logic Product Supplier Guidance Do not program the complete PLC logic in one place e.g., in the main...
Small Business Cyber Security Response and Recovery. Part I – Introduction
Part 1 - Introduction These days most businesses rely on computers and the internet to do business. As they do so they become more and more dependent on the digital information they store, use and exchange within the business and to interact with other...
The Top 20 Secure PLC Coding Practices. Part 1 – Introduction
For many years, the workhorses of industrial automation, as some call the Programmable Logic Controllers (PLCs), have been insecure by design. Several years into customising and applying best practices from IT gave rise to secure protocols, encrypted...
Small Business Cyber Resilience Improvement Guide. Part VI – Avoiding phishing attacks.
Part 6 - Avoiding phishing attacks A phishing attack is a social engineering tool combined with technology. The most common type is an email that is sent with the intent to obtain privileged information (such as access to various accounts) or containing links...
Proactive Approach to Incident Response. Part 4 – Practicing your Incident Response plan
The last three articles covered the topics of an efficient and effective Incident Response plan, the importance of cross-training your IT / OT teams and the necessity of creating a Security Baseline for your OT environment. Today we will cover the topic of...
Small Business Cyber Resilience Improvement Guide. Part V – Using passwords to protect your data.
Part 5 - Using passwords to protect your data Passwords are an important step in keeping your and your customers’ information safe and when used correctly prevent unauthorised access. Here are five tips to remember when setting and using passwords: Remember...
Proactive Approach to Incident Response. Part 3 – Establishing OT Security Baseline
In previous articles, we covered the importance of an IR plan and cross-training of your IT and OT teams. Today we will focus on Establishing OT Security Baseline Baseline is the minimum-security requirements needed for the OT environment to be sufficiently...
Small Business Cyber Resilience Improvement Guide. Part IV – Keeping your mobile devices safe.
Part 4 - Keeping your mobile devices safe Here are five tips to help you keep your smartphones and tablets safe: Enable PIN or password protection Tracking, locking, and wiping of lost or stolen devices Keep your device up to date – and let your staff know...