Last year ransomware became the threat most widely used by attackers to monetise their actions. This fact has also affected industrial sectors which, to a greater or lesser extent, have suffered this type of malware.
Specialized blog with informative contents destined to a public with marked technical profile, in order to improve knowledge and create a culture about the security in Internet.
Post related to: Critical infrastructures
As explained in the first post of this series dedicated to the C4V model, the cyber security level of outsourced services is key to assess the cyber security capabilities of any organisation: It is no use increasing the cyber security levels of an organisation if their suppliers’ levels are not as high, because -it goes without saying that- "security is as strong as its weakest link".
The outsourcing of processes is not something we can consider new. In fact, the contrary is true. And in particular, in terms of how it applies to ICT (Information and Communication Technology), it is common for at least part of our systems to be accessed by third parties or managed directly by third parties.
Although in industrial environments, availability is king, integrity is also a factor to be taken into account as data must be transferred in unaltered form. The use of mechanisms such as digital signatures helps with integrity, although it is not so simple to implement in all environments.
The year 2016 has come to an end and once again we have witnessed an increase in the number of vulnerabilities published affecting control systems. Fortunately, companies are making greater efforts to prevent attacks and mitigate risks. The scenario for 2017 is similar to that of the past year.
These days, many companies provide services which are vital and strategic for those who run a country. So, any perturbation or destruction to these services would have a serious impact on the essential services delivered to the inhabitants. The Spanish PIC law (Protection of Critical Infrastructure) 8/2011 from April 28th classifies as critical the sectors of Administration, Chemical Industry, Information Technology and Communications (ITC), Energy, Financial and tax systems, Food supplies, Health, Investigative systems, Nuclear Industry, Space, Transport and Water. Thus, the companies that manage infrastructures relating to these sectors play a vital role, since they have the responsibility for protecting them.
As Francis Bacon famously states: "knowledge is power," but what if, in addition to possessing an abundance of information, it could also be analysed quickly and efficiently? This will be one of the challenges facing Industrial Control Systems, where the processing of information in real time can provide major advantages.
Embedded devices are Los dispositivos embebidos are becoming ever more present in the systems of today; such as end devices, whether cars, industrial machinery or in the areas of health, robotics, etc. Moreover, with the emergence of the Internet of Things (IoT), the use of communication devices and information exchange is expanding even further.