After having analysed the "why" behind the cybersecurity capacities evaluation model in the first entry dedicated to the C4V model and after having explained how to carry out an appropriate management of risks in the value chain in the second edition, this third edition is dedicated to explaining how to carry out an evaluation of ourselves.
Specialized blog with informative contents destined to a public with marked technical profile, in order to improve knowledge and create a culture about the security in Internet.
Post related to: Critical infrastructures
Industry 4.0 integrates a large amount of devices used to provide the industrial processes with more intelligence. Among said devices we can find many different types of equipment such as drones or robots that perform specific tasks or tasks requiring precision. The use of these devices –quite well known nowadays– has certain implications for the security of control systems.
Remote accesses to control devices from networks outside the company are a major problem but, what about direct accesses made thanks to the accessibility of the device? This article explains the concept of hardware hacking and the hazards for the industry.
Alarm bells ringing again –a new malware threats industrial networks. After the attack suffered in Ukraine with BlackEnergy and the failures occurred at the beginning of the year, other new malware is added to the list of attackers of industrial control systems started by Stuxnet
Carrying out an intrusion test or vulnerability analysis in a control system can prove complex due to availability. This is where testbeds come into play. They reproduce production environments and can be of great assistance to researchers and security analysts
Credentials can be described as the basic information required to access any device. Sharing and using privileged credentials within control systems is a common task that must be controlled to minimise potential exposure or leakage of information.
The installation of security tools may be complex sometimes due to different reasons: the complexity of the tool itself, the environment in which it is installed, the necessary settings, etc. This post shows how to implement an IDS solution and how to manage events in a centralised manner by means of an event manager for industrial control systems.
Last year ransomware became the threat most widely used by attackers to monetise their actions. This fact has also affected industrial sectors which, to a greater or lesser extent, have suffered this type of malware.
As explained in the first post of this series dedicated to the C4V model, the cyber security level of outsourced services is key to assess the cyber security capabilities of any organisation: It is no use increasing the cyber security levels of an organisation if their suppliers’ levels are not as high, because -it goes without saying that- "security is as strong as its weakest link".
The outsourcing of processes is not something we can consider new. In fact, the contrary is true. And in particular, in terms of how it applies to ICT (Information and Communication Technology), it is common for at least part of our systems to be accessed by third parties or managed directly by third parties.