Perhaps, given the many important cybersecurity leaks and intrusions in recent years involving everything from social media accounts to critical infrastructure and classified military secrets, the attention paid to the Aurora vulnerability has not been proportional to its seriousness and systems affected. This is because it affects almost every electrical system in the world, and potentially any rotating equipment, whether it generates energy or is essential for an industrial or commercial installation. If the threat is so widespread, why isn’t the industry more worried and actively looking for solutions? From this article various possible reasons for this are given.
Specialized blog with informative contents destined to a public with marked technical profile, in order to improve knowledge and create a culture about the security in Internet.
The main security standards and best practice guidelines in industrial cybersecurity include as a requirement the need for a user authentication system. The options involve implementations in each device of this system or being integrated into a centralised user authentication system. One of the most-used options is the use of the LDAP protocol, but there are a number of points to consider in the design phase, which are key when implementing a specific centralised user management system for industrial control systems, under LDAP.
In recent years there has been an increase in interconnectivity between devices thanks to the Internet of Things (IoT). This has affected all sectors, including industry, which has been involved in an era of connectivity of industrial devices. This concept is known as the Industrial Internet of Things (IIoT).
A BusyBox is software or a program that combines several functionalities in a small executable. This small tool was created for use in integrated operating systems with very limited resources, and they are usually used in control systems. But, as in all tools, you have to know what security level they have and if it can be improved.
In the industrial world there are many communications including radio communications. This article aims to inform the reader about these types of communications available and some concepts to consider. Also, about cases of cyberattacks that have been detected in order to prevent them in the future.
The union of the IT and OT worlds is unstoppable, which means that the cybersecurity strategy, traditionally focused on the IT field, must now include aspects related to the industrial world. Having a good cybersecurity strategy is essential for IC systems to survive in this new era.
Control system networks have grown immensely in recent years, something similar to what happened with the explosion of IT networks in the 1980s. This growth is happening somewhat chaotically, promoted mainly by productive needs and by the lack of joint definition of network administration managers for IT and OT, instead of doing it by thinking of the future, scalability and security.
The open and most-widely-used framework for communication and vulnerability scoring, the CVSS (Common Vulnerability Scoring System), has been updated, incorporating improvements in its new version 3.1 with respect to the previous one. This standard assesses the severity of computer systems vulnerabilities and assigns them a score of 0 to 10.
ICS environments are made up of very heterogeneous machines, with large differences depending on the system we are dealing with. Some of these systems have very strict response time requirements for their correct operation and therefore use real-time operating systems. Throughout this article we will see what real-time operating systems are, how they work, and we will propose hardening measures to reduce the likelihood that these devices will suffer a cyberattack.
Over time, different communities of experts related to the world of industrial cybersecurity have realised the challenge of calculating the CVSS (Common Vulnerability Score System) for vulnerabilities in industrial environments. This article aims to show the alternatives proposed by experts, such as RSS-MD, TEMSL and IVSS in order to correctly calculate their severity in the industrial environment.