#18 PLC Best Practices – Store PLC Hard Stop Events from Faults

Store PLC hard stop events from faults or shutdowns for retrieval by HMI alarm systems to consult before PLC restarts. Time sync for more accurate data.

Security ObjectiveTarget Group
MonitoringIntegration / Maintenance Service Provider

PLC Hard Stop Events

Fault events indicate why a PLC shut down so that the issue can be addressed before a restart.

Some PLCs may have error codes from the last case where the PLC faulted or shut down improperly. Record those errors and then clear them. It might be a good idea to report those errors to the HMI as informational data or perhaps to a sys-log server if those features and that infrastructure exist.

Most PLCs also have some kind of first scan feature that generates events. It is a behavior that nearly all PLC equipment have in some form. It is basically one or more flags, or a designated routine that is executed on the first scan of a PLC after it “wakes up.” This First Scan should be logged and tracked.


Beneficial for…?Why?
  SecurityLogs enable troubleshooting in case of an incident.

Before a PLC becomes operational, especially after having experienced problems, it is important to ensure it is trustworthy.
  ReliabilityLogs are also good sources for debugging if the event was not caused maliciously.


MITRE ATT&CK ICSTactic:  TA009 – Inhibit Response Function
Technique: T0816 – Device Restart/Shutdown
ISA 62443-3-3SR 7.6: Network and security configuration settings
ISA 62443-4-2CR 7.6: Network and security configuration settings
MITRE CWECWE-778: Insufficient Logging

Source: PLC Security

Don't Miss Our Updates
Be the first to get exclusive content straight to your email.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address

Leave a Comment