Home / Segmented / OT/ICS systems and networks administration

OT/ICS systems and networks administration

This section provides content of interest to professionals in OT environments involved in managing and maintaining applications, systems, network equipment, managing users, access and services, technical support and OT incident response.

The tasks of these professionals are often similar to those of IT professionals, except that they deal with systems where availability is often more critical than confidentiality.

space satellite

ICS’S future is in the space

Posted on 03/20/2023, by INCIBE
There are areas where the deployment of an industrial plant requires satellite communications such as those provided by VSAT (Very-Small-Aperture Terminal) technology. This technology allows the exchange of information through an antenna made up of different terminals, installed in remote locations with the connection capacity of a central hub, thanks to a satellite. Obviously, this technology has a cost that not all companies can afford, but it covers coverage needs in places where there are no other communication options. This type of communications is not only widespread in the industry, but its also sometimes used by banks to perform banking transactions at ATM’s. These communications are not so well known by many experts in the industrial sector, and it can be a good opportunity to bridge the knowledge gap so that readers can learn more about the advantages and disadvantages of VSAT communications.
Tags: 
Critical infrastructures
Industrial Control System
Networking
Services deployment
Decorative image Virtual Power Plants: ‘The Internet of Energy’

Virtual Power Plants: ‘The Internet of Energy’

Posted on 03/16/2023, by INCIBE
Energy efficiency alternatives are nowadays on everyone’s lips given the energy crisis that is plaguing the vast majority of European regions. In Spain, the energetic companies are following alternatives based on the use of different technologies to solve problems as complex as such as the management of surplus energy in some infrastructures. One of the alternatives that seems to have greater depth within the sector is the use of Virtual Power Plant (VPP). This new concept of energy management makes it possible to interweave different energy sources into a single flow of electricity demand, managed through a global solution that is usually deployed in the cloud due to the amount of data that has to be processed. The management system proposed by Virtual Power Plant is simple: Take advantage of surplus energy from microgrids to balance supplies to infrastructures that need this energy. With this gesture, large distributors can take advantage of up to almost 100% of the power within all infrastructures, such as electric vehicle chargers, solar farms, wind turbine farms, etc.
Tags: 
Critical infrastructures
Networking
Smart Grid
Virtualization
Hacked screen detected

Tactics and techniques of the bad guys in SCI

Posted on 03/07/2023, by INCIBE
Industrial Control Systems (ICS) were initially designed to work in sealed environments and as stand-alone systems, interconnections between systems were scarce, as were safety protections. The constant evolutions in the field of ICS, including the inclusion of a large number of communication protocols, IIoT devices, the expansion of interconnections, an incessant search for interoperability between systems and the inclusion of these architectures in critical systems, has meant that the networks on which these industrial control systems, has meant that the networks on which these industrial control systems are built, also known as control networks, have increased their security exponentially.
Tags: 
Antiforensic
Best practices
Critical infrastructures
Cybercrime
DevOps
Incident
Industrial Control System
Malware
Phishing
Social engineering
Studies & stats
Threat intelligence
Threats
Virtualization
Windows
dos hombres con unidades de almacenamiento

System hardening: the case of Linux

Posted on 03/02/2023, by INCIBE
Knowing the resources available when performing tasks of hardening a system, will allow us to optimize the time necessary to obtain a safer system. In addition, we have the possibility of using tools capable of auditing the system that identifies those configurations that are considered safe and which ones we could implement.
Tags: 
Android
Antivirus
Bastioning procedures
Biometrics
Cloud computing
Firewall
Identity management
IDS/IPS
IIoT
Incident
iOS
Linux
Networking
OSINT
SIEM
Social engineering
Virtualization
Windows
Wireless
Hands with a controller

The importance of radio frequencies in industry

Posted on 02/23/2023, by INCIBE
In industrial environments there are a multitude of technologies, manufacturers, communications, etc. This article will reflect a small part of the protocols that use radio frequency (RF) communications. Thanks to these wireless communications, operators in the industrial world can send a simple order to obtain information on the status of a sensor or execute control orders in the industrial environment. The importance of a good implementation, in terms of cybersecurity of these communications, is quite high since, on occasions, some of the attacks that have been investigated have an impact on the physical world, giving rise to incidents that can even result in fatalities.
Tags: 
Best practices
Cybercrime
Incident
Industrial Control System
Wireless
Decorative image red team sports

Red Team in mysterious waters

Posted on 02/16/2023, by INCIBE
The proliferation of cybersecurity incidents in industrial environments has given rise to a huge concern in the various existing sectors. Some of them, such us the energy sector, are choosing the path taking in the banking sector with the TIBER-EU framework. In addition, many governments are allocating large sums of money to their government agencies to develop strategic plans in which that exercises are included
Tags: 
APT
Bug hunting
Continuity
Critical infrastructures
Cybercrime
Data protection
Incident
Industrial protocol
Networking
Pentesting
Threat intelligence
Threats
Vulnerability
Factory drawing

Industroyer2, the ampere strikes back

Posted on 02/09/2023, by INCIBE
Confrontations between countries no longer only take place in the physical world, in this new decade, these confrontations also move to the cyber world. The conflict between Russia and Ukraine is one of the clearest examples. Among the events that have taken place is the security incident known as Industroyer2, which affected an electrical supplier in Ukraine. The Industroyer2 is the evolution of its predecessor, the malware known as Industroyer, which was able to affect multiple protocols of industrial control systems during its execution. This new variant of the malware focuses on a particular communications protocol, IEC-104, which is widely used in Europe and the Middle East to monitor and control the power system via the TCP/IP communications protocol.
Tags: 
APT
Bastioning procedures
Best practices
Continuity
Critical infrastructures
Cybercrime
Embedded systems
IIoT
Industrial protocol
SCADA
Smart Grid
Threats
Vulnerability
Windows
Image of a programmable logic controller

Secure programming techniques for PLC

Posted on 02/02/2023, by INCIBE
The programming of PLCs is a fundamental part of the initial phases when building and designing industrial plants. About that environment, the company will base all its operations in that environment making the configuration of these controllers a critical element. When it comes to programming these devices there are a series of steps and best practices that take advantage of the native functionalities available and that involve little or no need to resort to a PLC programmer, protecting the device in a simple way with minimum spend on resource.
Tags: 
Best practices
Firewall
HMI
IDS/IPS
IIoT
Industrial Control System
Industrial protocol
IoT
Policies
Safe development
SCADA
Services deployment
SIEM
Studies & stats
Threats
Virtualization
Vulnerability
Wireless
Crystal ball 2023

What to expect from the industrial cybersecurity in 2023?

Posted on 01/26/2023, by INCIBE
In the year 2022 and as is reflected in the article “Industrial Security 2022 in numbers”, cyberattacks in all industrial sectors have increased by around 30 % in the third quarter of 2022 and it is estimated that the number of organizations or industrial manufacturers victims of a cyberattack was around 40% in the last year. Especially in the industrial sector, the number of attacks has grown exponentially due to the massive introduction of IoT devices (it is expected to go from 13.5 to 21.5 million connected devices in three years) or more specifically about IIoT devices, which have been the main gateway for attacks as manufacturers have prioritized features and mass-production of devices over the security. In addition, this is compounded by planned obsolescence planned (increasingly present in this type of devices), increased interoperability and connectivity and the appearance of new types of malware and exploits which are much more effective.
Tags: 
APT
Critical infrastructures
IIoT
Industrial Control System
Phishing
SCADA
Smart Grid
Social engineering
Threats

Pages