#15 PLC Best Practices – Safe State when PLC Restarts

Define safe states for the process in case of PLC restarts (e.g., energize contacts, de-energize, keep the previous state).

Editorial Staff
PLC Tutorials
No Comments
3 Min Read

Define safe states for the process in case of PLC restarts (e.g., energize contacts, de-energize, keep the previous state).

Security ObjectiveTarget Group
ResilienceProduct Supplier Integration / Maintenance Service Provider

Safe State when PLC Restarts

If something commands a PLC to restart in the middle of a working process, we should expect the program to pick up smoothly with minimal disruption to the process. Make sure that the process it controls is restart-safe.

If it is not practical to configure the PLC to restart safely, be sure that it alerts you to this fact and that it does not issue any new commands.

Also, for that case, ensure that the Standard Operating Procedures (SOP) have very clear instructions for setting the manual controls so that the PLC will start up the process properly.

Also, document all start-up, shut-down, steady-state control, and flying control system restart procedures.

Allen-Bradley PLC

Why?

Beneficial for…?Why?
          SecurityEliminates potential unexpected behavior: The most basic attack vector for a PLC is to force it to crash and / or restart. For many PLCs, it is not that hard to do, because many PLCs cannot cope well with unexpected inputs or too much traffic.

While there are several diagnostics for controller actions while it is running, how it handles startup up with a running process is usually not clear. This may be uncommon, but it is a basic attack vector if we take into account the malicious behavior of an attacker.
ReliabilityAvoid unexpected delays: If after a PLC power on, the state machine initializes to a state with some conditions that don’t let the process to start, and the operator cannot normalize the system.

A technician would need to enter the PLC program to force the conditions to go to the desired state to be able to start operation. This could cause delays and production losses.
Maintenance/

References

Standard/frameworkMapping
MITRE ATT&CK ICSTactic:  TA009 – Inhibit Response Function
Technique:  T0816 – Device Restart/Shutdown
ISA 62443-3-3SR 3.6: Deterministic Output
ISA 62443-4-2CR 3.6: Deterministic Output
ISA 62443-4-1SVV-1: Security requirements testing

Source: PLC Security

Don't Miss Our Updates
Be the first to get exclusive content straight to your email.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address

Continue Reading

SFC Language in PLC Programming
CX Programmer Example: Perfume Mixing and Filling System
Process Interlocks and Trips
PLC Program for Controlling a Water Pump with 3 Power Sources
PLC Program for Alarm Security System
PLC Wiring Questions for Technicians and Engineers
Share This Article
Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Connected

Categories

Explore More

How to Use the Shift and Rotate Instructions in PLC?
What are Analog and Digital Signals? Differences, Examples
PLC Sequencer Instruction with Example
PLC Program for Temperature Control using Thermostat
How to Convert Current to Voltage using Resistor ?
Tia Portal – OB121 Programming Errors Interrupt Organization Block
RSLogix 5000 PLC Programming Procedure
Interconnection between PLC, MCC, LCP & Pumps – Video

Keep Learning

Learn More