A recent post at DarkReading, The Ongoing Struggle to Protect PLCs (pardon the author’s reference to “Stuxnet”) on the vulnerability of PLCs has prompted a reminder that PLCs don’t have to stay woefully insecure. The author generally reviews the challenges that have plagued PLCs and lightly discusses “best practices” toward resilience. However, this seemed like a great opportunity to remind members of twenty practical applications toward securing PLCs – the Top 20 Secure PLC Coding Practices.

The Top 20 Secure PLC Coding Practices are intended to be used by automation engineers and technicians that program and maintain PLCs. Each practice includes guidance, examples, benefits, and reference mappings to the MITRE ATT&CK® for Industrial Control Systems and IEC 62443. (To my knowledge) the Top 20 Secure PLC Coding Practices remain the only one of its kind guidance to secure the inherently insecure-by-design PLCs. If you haven’t already, get this guidance into the hands of your engineers and operators today!