Nexus: A Claroty Podcast

Sarah Fluchs Revisits the Top 20 Secure PLC Coding Practices List

Claroty Season 1 Episode 38

Sarah Fluchs, CTO at Admeritia, joins the Aperture podcast to discuss the Top 20 Secure PLC Coding Practices List. Written for engineers by engineers, the list provides recommendations that can be used to securely design and code programmable logic controllers (PLCs).
The first iteration of the list was published in 2021, and since then, its core group of maintainers has grown to 75, and more than 1,000 engineers and experts have registered as contributors.
The list has been prominently referenced in training materials and other resources, including the NATO guide for protecting automation and control systems, and MITRE is considering integrating the list into its CWE database.
In this episode, Sarah discusses secure PLC programming, how the list was developed, and how it should be used by engineers and security practitioners.