Sarah Fluchs, CTO at Admeritia, joins the Aperture podcast to discuss the Top 20 Secure PLC Coding Practices List. Written for engineers by engineers, the list provides recommendations that can be used to securely design and code programmable logic controllers (PLCs).
The first iteration of the list was published in 2021, and since then, its core group of maintainers has grown to 75 and more than 1,000 engineers and experts registered as contributors.
The list has been prominent referenced in training materials and other resources, including the NATO guide for protecting automation and control systems, and MITRE is considering integrating the list into its CWE database.
In this episode, Sarah discusses secure PLC programming, how the list was developed, and how it should be used by engineers and security practitioners.