PLC Secure Coding Practices (and the consequences of not following these practices)

Stage 2

Secure coding practices in workstation and server applications are known to prevent easily identified vulnerabilities. This same issue exists for the people who write code for PLC’s and other Level 1 devices, and most who do PLC coding don’t understand the security ramifications. Like much of ICS / OT it is about 10 years behind good security practices in IT.

Jake Brodsky will provide a top ten list of tips and tricks to take the best advantage of the OT firewalls, the internal PLC integrity features, and how to avoid bugs in the PLC code that could be exploited. These are practices for the OT staff to use to review the code with vulnerabilities that may be lurking in the PLC. It is also a good place to set up a solid interface between the controllers where OT staff often are afraid to tread.

Secure Design & Dev