En esta sección se ofrecen contenidos de interés para los profesionales en entornos TO que se ocupan de administrar y mantener aplicaciones, sistemas, equipos de redes, gestión de usuarios y accesos, servicios, soporte técnico y respuesta a incidentes de TO.

Las tareas de estos profesionales son muchas veces análogas a las de los profesionales de TI, con la salvedad de que tratan con sistemas en los que la disponibilidad es a menudo más crítica que la confidencialidad.

Exploring M-Bus, security and efficiency in telemetry communications

Posted on 16/05/2024, by
Decorative photo
The M-Bus protocol is a common protocol in the industry in general, it’s daily use can be related to devices for measurements of electricity, gas, water, heating, etc. This protocol has a wireless variant called Wireless M-Bus and works through a hierarchical master/slave system, standardized according to EN13757.

DNP3 protocol in depth

Posted on 02/05/2024, by
Decorative photo blog
In the electricity sector, it has always been necessary to use robust communications that allow proper communication, since a failure in this sector would cause a large number of losses, both economic and social.In addition, with the technological advances, it is important also to have secure communications since the electricity sector is one of the sectors that currently suffers the most cyber-attacks. For this reason, in recent years different robust and secure protocols have been created.One of these protocols is DNP3, created mainly for the use of substation automation and control systems, for the electric utility industry, although it has now also been used for other sectors.Finally, in this article we want to explain in more depth the operation of this protocol and the benefits or disadvantages of using this protocol.

CAPEC in the ICS world

Posted on 18/04/2024, by
Decorative image
CAPEC (Common Attack Pattern Enumeration and Classification) is a project that focuses on enumerating and classifying common attack patterns on computer systems and providing a systematic approach to understanding and addressing the tactics used by attackers. Like CWE (Common Weakness Enumeration), CAPEC is an initiative of the computer security community and is maintained by the National Institute of Standards and Technology (NIST) in the United States. Recently in version 3.9, the project has incorporated a number of attack patterns related to the industrial world.This article aims to show the reader the use of these codes, such as those used at the identifier level in CVEs, CWEs, etc., and which are related to many of the jobs that are carried out on a daily basis in the industrial cybersecurity sector.

Are smart cars cybersecure?

Posted on 04/04/2024, by
¿Los coches inteligentes son ciberseguros? Imagen decorativa
The automotive world has always been one of the most cutting-edge sectors in terms of the technology used, which is why today's cars are equipped with technologies such as Bluetooth, NFC, GPS, etc., which improve different aspects such as comfort, fuel efficiency and increased safety.But these implemented technologies can also bring with them serious problems, such as the risk of cyber-attacks that can affect passengers in the vehicle, both at the level of personal data and physical security.For this reason, this article aims to provide an insight into some of the cyber-attacks that smart cars have suffered and how cyber-security is evolving and adapting to make more and more vehicles cyber-safe.

Dragonfly 2.0 mapping on MITRE ATT&CK ICS Matrix

Posted on 21/03/2024, by
Decorative image
Currently, industrial infrastructures are suffering more attacks than ever before, and it is expected that attacks on these types of infrastructures will continue to grow exponentially in the coming years. This is why, throughout this article, an analysis will be made of a group of cybercriminals and their standard attack, showing how information can be obtained on the modus operandi, when and by what tactics and techniques they managed to attack an industrial infrastructure

ICS malware analysis study: BlackEnergy

Posted on 15/02/2024, by
Threat analysis study decorative image
The industrial environment, especially the energy sector, is one of sectors that is suffering the most from cyber-attacks. This trend has been increasing in recent years, as this is one of the most information-sensitive sectors and can cause major problems, both economically and socially.One of the best examples of malware attacks is BlackEnergy. This malware became known for being able to compromise several electricity distributors on 23 December 2015, causing households in the Ivano-Frankvisk region of Ukraine (a population of around 1.5 million) to be without electricity.For this reason, due to seriousness of this type of cyberattacks, it is necessary to continue researching and investing in industrial cybersecurity, to reduce the damage caused by this type of cyber-attack in industrial environments.

NB-IoT the ideal and low-power conection for IIoT

Posted on 08/02/2024, by
Decorative photo about Industrial Internet of Things
IoT networks are very useful for everyday life, but their use is not limited only to this type of environment; there are industrial environments where this type of networks can benefit connectivity between industrial devices and provide capabilities that other types of networks could not. The 3rd Generation Partnership Project or 3GPP developed the NB-IoT protocol, a protocol for when networks with higher performance, higher speed and high interconnectivity capacity between devices are required. This protocol can work both in IoT devices and in IoT devices in the industrial environment (IIoT).

OPC UA, balancing cybersecurity and performance

Posted on 11/01/2024, by
Industrial factory at night
The OPC UA (OPC unified architecture) communication protocol is the most modern standard presented by OPC Foundation. Currently, the OPC UA protocol is one of the most widely used in industrial environments, due to its ability to interconnect different devices, regardless of their base protocol and vendor.Throughout this article, a technical assessment of the protocol will be conducted, explaining in detail the technical capabilities that allow a high level of cybersecurity to be implemented without causing performance losses in the devices. 

Top 20 ICS mitigations during 2023. Part 2

Posted on 28/12/2023, by
Top 20 ICS mitigations during 2023. Part 2
Second part of the Top 20 mitigations for industrial environments. This part will focus on mitigations related to network architecture, industrial protocols, network configuration and vulnerability scanning.

Top 20 ICS mitigations during 2023. Part 1

Posted on 21/12/2023, by
Top 20 ICS mitigations during 2023. Part 1
In the industrial world, there are a large number of systems, equipment, networks, areas, ducts, cloud environments, IT-OT environments, etc. In recent years, the number of attacks on industrial environments has been growing exponentially, and not only on purely industrial environments, but also on corporate environments that are connected to industrial environments. These IT environments being access points for attackers due to this IT/OT connectivity.

Is it secure to charge your vehicle in publics places?

Posted on 02/11/2023, by
¿Es seguro cargar tu vehículo en lugares públicos?
The automotive sector is currently moving towards electric consumption, as society is becoming more and more aware of the problems that environmental pollution can cause.One of the big challenges of this trend is how to charge electric vehicles, for which charging points are currently used.But like most of today's technological devices, they will also need to have access to an Internet connection in order to be able to monitor in real time the use of the station, the customer's banking information, etc.For this reason, in this article we want to talk about the different risks or cyber-attacks that these charging points may suffer and the problems they may cause, as this is a very important sector for society and one that is capable of managing very sensitive information 

CVSS V4.0: steps for an advanced vulnerability assessment

Posted on 19/10/2023, by
CVSS V4.0: avanzando en la evaluación de vulnerabilidades
The arrival of the new version of CVSS (Common Vulnerability Scoring System) covers some deficiencies related to the assessment of vulnerabilities in the industrial world. The introduction of changes in the way of scoring different vulnerabilities, the incorporation of new metrics for elements of the industrial world such as "Safety" or the service recovery of a device, are some of the new features introduced in version 4 of the CVSS.This article will analyze the new features brought by version 4.0 and its increased accuracy when assessing vulnerabilities in industrial environments for a better adequacy of the scores given.