#6 PLC Best Practices – Validate Timers and Counters

If timers and counters values are written to the PLC program, they should be validated by the programmable logic controller.

Editorial Staff
PLC Tutorials
No Comments
3 Min Read

If timers and counters values are written to the PLC program, they should be validated by the PLC for reasonableness and verify backward counts below zero.

Contents
Security ObjectiveTarget Group
  The integrity of PLC variablesIntegration / Maintenance Service Provider Asset Owner

Validate Timers and Counters

Timers and counters can technically be preset to any value. Therefore, the valid range to preset a timer or counter needs should be restricted to meet the operational requirements.

If remote devices such as an HMI write timer or counter values to a program:

  • do not let the HMI write to the timer or counter directly but go through a validation logic
  • validate presets and timeout values in the PLC

Validation of timer and counter inputs is easy to directly do in the PLC (without the need for any network device capable of Deep Packet Inspection) since the PLC “knows” what the process state or context is. It can validate “what’ it gets and “when” it gets the commands or setpoints.

PLC ON DELAY TIMER FUNCTION

Example

During PLC startup, timers and counters are usually preset to certain values.

If there is a timer that triggers alarms at 1.3 seconds, but that timer is preset maliciously to 5 minutes, it might not trigger the alarm.

If there is a counter that causes a process to stop when it reaches 10,000 but that is set it to 11,000 from the beginning, the process might not stop.

Why?

Beneficial for…?Why?
  SecurityIf I/O, timers, or presets are written directly to I/O, not being validated by the PLC, the PLC validation layer is evaded and the HMI (or other network devices) are assigned an unwarranted level of trust.
  ReliabilityThe PLC can also validate when an operator accidentally presets bad timer or counter values.
  MaintenanceHaving valid ranges for timers and counters documented and automatically validated may help when updating logic.

References

Standard/frameworkMapping
  MITRE ATT&CK for ICSTactic: TA010 – Impair Process Control
Technique:  T0836 – Modify Parameter
ISA 62443-3-3SR 3.5: Input Validation
ISA 62443-4-2CR 3.5: Input Validation
  ISA 62443-4-1SI-2: Secure coding standards
SVV-1: Security requirements testing

Source: PLC Security

Don't Miss Our Updates
Be the first to get exclusive content straight to your email.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address

Continue Reading

UPS Working Principle and Types – Offline and Online UPS Systems
Wet Contacts and Dry Contacts in PLC Systems
PLC Question Bank
Animation of Electromagnetic Relay
Exhaust Fan Control: Example of PLC Timer Programming
How to use Masked Move Instruction in PLC
Share This Article
Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Connected

Categories

Explore More

Unknown Do’s Need to Know as a PLC Programmer
Setpoints and Alarms in Control System
Allen Bradley PLC Subroutines
Difference Between Solid State Relay and Electromechanical Relay
PLC Memory Organization – Data Files and Program Files
Making Multi Way Switches using PLC
Your First Steps Through STL Language
Always ON and OFF Bit using Ladder Logic and Statement List

Keep Learning

Learn More