
Aperture Podcast: Top 20 Secure PLC Coding Practices List


By Michael Mimoso | Sept. 29, 2021

Programmable logic controllers (PLCs) are often the last line of defense protecting industrial processes, yet they contain glaring programming gaps that leave them insecure by design.

Increased internet connectivity of industrial devices and processes has magnified their exposure to external attackers and added urgency to the need for secure programming.

In this episode of Claroty’s Aperture Podcast, Martin Scheu and Dirk Rotermund of the Top 20 Secure PLC Coding Practices project join to discuss how engineers can integrate secure coding practices into PLC programming.

Download this episode of the Aperture podcast here

The group’s list of 20 secure coding practices was released in June and is available as a free download. It’s a 44-page document that not only lists these practices, but also offers detailed guidance for each, and specifies where they map within certain frameworks, such as MITRE ATT&CK.

In this discussion, you’ll learn more about how this project came together, the current state of PLC security by design, where current cybersecurity gaps exist, and how engineers, as well as vendors, suppliers, and system integrators, can best make use of the guidance provided in the list of secure coding practices.

“Process control systems were always connected, but now they are connected to the business side of a factory. These connections went very fast. The OT lifecycle is 15 years or maybe more, and everything is thinking in these timeframes,” Scheu said. “The IT side, in terms of ransomware, just came too fast and now we are trying to catch up.”

One of the main challenges impeding progress around improved PLC cybersecurity is the lack of awareness and institutional knowledge around the practice.

“Some of our clients have no idea. They don’t say that they want it. You have to sell it to them. It’s unbelievable,” Rotermund said. “The asset owners don’t ask for secure coding or security. … Industries like steel and other production industries don’t really want it. It costs a lot and why should we do this? You have to sell it. And that’s a problem.”

The project hopes its efforts will crack open the black box that is the PLC and introduce secure coding practices such as input validation, hashing to ensure the integrity of PLC builds, and the disabling of unnecessary communication ports and unused protocols, all of which reduce the attack surface on a PLC.

Subscribe, rate, and review the Aperture podcast on all major platforms, including Apple Podcasts and Spotify.
