Blog

The installation of security tools may be complex sometimes due to different reasons: the complexity of the tool itself, the environment in which it is installed, the necessary settings, etc. This post shows how to implement an IDS solution and how to manage events in a centralised manner by means of an event manager for industrial control systems.

As explained in the first post of this series dedicated to the C4V model, the cyber security level of outsourced services is key to assess the cyber security capabilities of any organisation: It is no use increasing the cyber security levels of an organisation if their suppliers’ levels are not as high, because -it goes without saying that- "security is as strong as its weakest link".

Although in industrial environments, availability is king, integrity is also a factor to be taken into account as data must be transferred in unaltered form. The use of mechanisms such as digital signatures helps with integrity, although it is not so simple to implement in all environments.

These days, many companies provide services which are vital and strategic for those who run a country. So, any perturbation or destruction to these services would have a serious impact on the essential services delivered to the inhabitants. The Spanish PIC law (Protection of Critical Infrastructure) 8/2011 from April 28th classifies as critical the sectors of Administration, Chemical Industry, Information Technology and Communications (ITC), Energy, Financial and tax systems, Food supplies, Health, Investigative systems, Nuclear Industry, Space, Transport and Water. Thus, the companies that manage infrastructures relating to these sectors play a vital role, since they have the responsibility for protecting them.