Blog

Specialized blog with informative contents destined to a public with marked technical profile, in order to improve knowledge and create a culture about the security in Internet.

Post related to: Industrial Control System

Guide for an asset inventory management in industrial control systems

The first step in securing industrial control systems is making an inventory containing all the assets involved in the process. With this information, the inventory can be used to properly manage vulnerabilities, which will make it possible to take the necessary measures to solve and mitigate them.

Tags:

Industrial Control System

NTP, SNTP and PTP: what time synchronization do I need?

Time synchronization in industrial devices is a critical factor. In terms of time, industrial processes and the programming logic of industrial devices have specific needs. These may require specific accuracy that determines the need to use one protocol or another, as well as dependencies on cost or on the network infrastructure itself. Explaining the main differences is key when using one or another in industrial infrastructures. Just as each protocol has different nuances, there are certain differences to be taken into account within security.

Tags:

Industrial Control System

Industrial protocol

Networking

Evolving towards secure Modbus

The Modbus protocol, in its TCP version, was not developed with cybersecurity capabilities in its communications. For this reason, many researchers have studied the different possibilities that could be undertaken at the technical level to incorporate a security layer in it, giving rise to a new version of Modbus/TCP called secure Modbus/TCP, which will gradually begin to be implemented in industrial communications.

Tags:

Bastioning procedures

Industrial Control System

Safe development

Industrial security 2019 in figures

Throughout the year 2019, we have worked on the detection, treatment and preparation of notices related to cybersecurity in industrial environments, classifying them based on the sector, manufacturer, criticality, etc. This article summarises this work and makes a brief prediction of the events that will take place in 2020.

Tags:

Critical infrastructures

Incident

Industrial Control System

Threats

Vulnerability

Secure use of communications and protocols at charging stations

Electric charging stations are increasingly used in urban furniture in cities. Electric cars and their need to be charged are a reality. Because of this, there is an increase in supply points that depend on specific protocols and communications for these stations.

Tags:

Bastioning procedures

Critical infrastructures

Industrial Control System

Industrial protocol

Policies

Safe development

5G for the new connected industry

Wireless networks are constantly evolving. As a result, 5G technology is born, continuing the roll-out of mobile phones and other associated services. This new technology is in an advanced stage of development and is already included in a multitude of next-generation devices. In fact, its deployment applied to mobile networks is already being done in numerous major cities in our country.

Tags:

Industrial Control System

IoT

SIEM deployment in OT environments

Today, it is common to find SIEM deployed in the IT infrastructures of all kinds of organisations, to be able to monitor and analyse security alerts in applications, systems, network devices, etc. However, though time and resources are being invested in industrial environments, it is still unresolved.

Tags:

Bastioning procedures

Forensics

IDS/IPS

Industrial Control System

SIEM

Threat intelligence

Industrial honeypot implementation guide

The honeypots, the recommended requirements for their correct implementation, the different possible types and their evolution until today, where they are implemented forming a honeynet.

Tags:

Industrial Control System

SIEM

Aurora vulnerability: origin, explanation and solutions

Perhaps, given the many important cybersecurity leaks and intrusions in recent years involving everything from social media accounts to critical infrastructure and classified military secrets, the attention paid to the Aurora vulnerability has not been proportional to its seriousness and systems affected. This is because it affects almost every electrical system in the world, and potentially any rotating equipment, whether it generates energy or is essential for an industrial or commercial installation. If the threat is so widespread, why isn’t the industry more worried and actively looking for solutions? From this article various possible reasons for this are given.

Tags:

Bug hunting

Critical infrastructures

DFIR

Incident

Industrial Control System

Threats

Vulnerability

My industrial devices support LDAP, now what?

The main security standards and best practice guidelines in industrial cybersecurity include as a requirement the need for a user authentication system. The options involve implementations in each device of this system or being integrated into a centralised user authentication system. One of the most-used options is the use of the LDAP protocol, but there are a number of points to consider in the design phase, which are key when implementing a specific centralised user management system for industrial control systems, under LDAP.

Tags:

Bastioning procedures

Firewall

Identity management

Industrial Control System