Top 20 Secure PLC Coding Practices

Secure Coding Practices don't exist for PLCs? Thing of the past! Today is the launch day of the Top 20 Secure PLC Programming Practices. It contains distilled wisdom of hundreds of PLC programmers, engineers, and security experts. Download: plc-security.com

My workshop at @brucon is about to start!

New use cases for Siemens and Grantek are up for and available for download. These use cases are helpful for referencing which practices your peers are implementing. #application_notes" target="_blank" rel="nofollow noopener">plc-security.com/index.html#app…

@dietersar @PatrickCMiller @bengoerz @brysonbort @BEERISAC @chrissistrunk @ICS_SCADA @icscybernz @jfslowik @ControlsCyber @shipulin_anton @hacks4pancakes @magg_py @Marmusha @ics_Marty @R1ngZer0 @arnaudsoullie @M_Vingaard @montaelkins @DreamFighter22 @lvandenaweele Thank you for spreading the word 🙏🏽

@PatrickCMiller @bengoerz @brysonbort @hailtruck @BEERISAC @chrissistrunk some of these: @ICS_SCADA @icscybernz @securePLC @jfslowik @ControlsCyber @shipulin_anton @hacks4pancakes @magg_py @Marmusha @ics_Marty @R1ngZer0 @arnaudsoullie @M_Vingaard @montaelkins @DreamFighter22 @lvandenaweele to name some - don't be offended if you're not on this list...

Muy buen post de @SarahFluchs respecto a qué es y qué no es el proyecto Top20 Secure PLC Coding Practices, y algunos detalles sobre lo que sucedió desde que salió a la luz: fluchsfriction.medium.com/one-year-of-to… Vale la pena recordar que desde @info_CCI colaboramos en la versión en Español

Starting to apply the Top 20 secure PLC coding practices does not need to be a daunting task. Integrating secure coding into your cybersecurity practice will take some time to align the culture. A sample vendor policy example is now available for download. #download" target="_blank" rel="nofollow noopener">plc-security.com/#download

One year since the Top 20 @securePLC Coding Practices have been published! It's a good time to clarify a few things: What the Top 20 are, what they are not, and what you should do with them (as an asset owner, integrator, or vendor). fluchsfriction.medium.com/one-year-of-to…

Just discovered there is a graphic recording of my talk on PLC code security at the SANS ICS Summit, thanks @MindsEyeCCF & @SANSICS !

…and a brand new one focused on the Top 20 Secure PLC Coding Practices (👋 @securePLC ) on Friday afternoon forum.defcon.org/node/241810 & eventbrite.com/e/arnaud-soull…

If we understand (ICS) security by design as integrating security into an existing engineering workflow, I expected us to end up with.....some new kind of workflow. Well...we didn't. Here's a first intro to our security by design decisions approach. link.medium.com/Xb2aJi5Lprb

The German translation of the Top20 Secure PLC Coding Practices is now available!

GRANTEK's application use case can be downloaded here: plc-security.com/content/Integr… And there's also an application note template free to use for anyone on our website: #application_notes" target="_blank" rel="nofollow noopener">plc-security.com/#application_n…

Many of our Secure PLC Coding Practices cannot be implemented by operators. So we've been working with integrators and vendors who want to share how they implement the Top 20 in "application notes". GRANTEK is the very first integrator to share their approach. Applause! 🥳🥳

That's a big milestone we've been working towards. It's been difficult to get vendors and integrators to join the conversation on PLC security. I hope many others will follow GRANTEK's example. Asset owners will love you for being transparent about PLC security, I promise!

PLC TOP20 training is on at #S4x22 with Vivek & Josh ! Let's spread the best practices

The Top 20 Secure PLC Coding Practices are now available in Spanish!Don't you agree that "Prácticas seguras de codificación de PLC" sounds way more elegant? ❤️🇪🇸 Thanks to CENTRO DE CIBERSEGURIDAD INDUSTRIAL for the translation! plc-security.com/content/Top_20…

In 2020, @scadateer said about secure PLC programming at @S4xNews: "Nobody learns this at school." 2 years later, here's proof of @A_Valencia_Gil teaching the Top 20 @securePLC coding practices. At school. Yay! 🥳

Top 20 in Turkish! 🤗🇹🇷