In recent years, the concept of machine learning has gained more prominence, mainly driven by advances in parallel computing capacity. More and more developments, applications and programs are using these algorithms to provide systems with greater security, intelligence and independence. However, it’s rarely used in industrial environments, although some recent tests and developments prove its effectiveness, including in the scope of detection and prediction of cyber attacks.
Specialized blog with informative contents destined to a public with marked technical profile, in order to improve knowledge and create a culture about the security in Internet.
Post related to: SCADA
The security of control systems can be threatened from different aspects, with the end device being the most important attack vector. With this in mind, the IEC, within the 62443 standard, wanted to emphasise devices by preparing a document exclusively concerning their security: IEC62443-4-2. This document contains different technical requirements to improve the security of the types of assets that can be found in a control system.
The continuity of the production process in businesses that require industrial automation depends more and more on the proper functioning, safety and reliability of the system of that composes it. Therefore, conducting tests of acceptance of its operation prior to its commissioning, is vital to ensure that the systems acquired meet the requirements set out in the contract between the company and the manufacturer.
Standard 62443 arose as a development the ISA 99 standard to fully cover security within control systems. Divided into several parts, each refers to different aspects related to security. The IEC 62443-3-3 standard refers to system security requirements and security levels.
This post will analyse the vulnerabilities associated with Log4Shell, detected in the library Log4j, which is found in infinite software products both in technical and industrial fields. Although there have been other instances of more sophisticated vulnerabilities, the problem with this one is area of exposure.
Not all industrial control systems operate with the same programming language given that, depending on the manufacturer, devices will work with a specific software and programming language. This may be a problem for plant managers in industrial systems, as the interconnectivity between devices becomes impossible, or at least, is further complicated. One solution that has emerged in order to connect systems from different operating systems is CORBA standard and CORBAsec, its development with added security.
Due to the problems and limitations of analogue radio communications, the Digital Mobile Radio (DMR) standard has emerged as one of the main solutions in the voice and data industry; it offers new features and improved characteristics in terms of communication quality, performance and security.
It is necessary to protect the main business processes through a set of tasks that allow the organisation to recover from a major incident in a timeframe that does not compromise the continuity of its services. This ensures a planned response to any security breach.
In recent years we have witnessed the evolution of the electrical grid and the development of new technologies produce what we know today as the smart grid. This evolution continues to this day and the trend seems to point to greater interconnection between end consumers and the grid, which increases possible attack vectors. Over the course of this article, we shall see the security measures that will be used in the electrical grid of the future.
This post presents some lines of action to be followed in the case of having fallen victim to Ekans ransomware. It describes in detail the prevention, identification and response phases to be carried out.