The suggested approach follows:
IF no communication is required to the PLC,
IF the PLC interaction rate allows for encryption AND encryption does not interfere with an FSM wrapper,
|Low||No special protection is used for the PLC.|
Encryption: Encryption takes substantial time. For a PLC that has to interact in real-time with feedback times on the order of microseconds, encryption isn't fast enough in most cases to allow both the necessary PLC computations and the encryption to take place in time to meet the demands of the control signal timing.
Restricted access network zone: Such a zone reduces the sources that can be used to directly influence and observe PLC inputs and outputs. When such a zone is available, it should be used unless there is a reason not to use it.
Use a custom FSM wrapper for the PLC input: A custom FSM for the input of a PLC provides a means by which all inputs can be checked for validity in the context of the expected machine state. This provides a high degree of certainty that unauthorized and unanticipated input sequences cannot appear at the PLC input.
Use a digital diode to exfiltrate PLC data: A digital diode can be used to prevent output channels from being used for input to a high degree of certainty. This will normally require protocol alterations, such as TCP to UDP and UDP to TCP proxies on sending and receiving sides of the diode in order to interface with technologies that depend on 2-way transport.
Do not connect the PLC to the network: When the situation has consequences too high to risk connection, it should be run in an isolated manner.