The increase of malware specifically designed to run on systems that support industrial processes creates a need in the industry that can be partly covered by different technological solutions. This article will focus on the different options available on the market to detect malicious files that aim to modify the operation of industrial environments or simply cause denials of service.
Both portable and agent-deployed solutions can be an option, and this article will reflect on these and other options as well as provide guidelines on when it is best to use one solution or the other.
The evolution of communications in society is also having an impact on the industrial world. With the arrival of 5G, many industrial companies have considered migrating some of their communications to take advantage of the characteristics of this new mobile communications band, such as the reduction of latency times, the increase in connection speed or the exponential increase in the number of devices that can be connected to the network. These characteristics fit perfectly with the industrial mentality, where there are a multitude of interconnected devices between which there cannot be a communication cut due to the criticality of the processes they implement.
This article aims to comment, in addition to all the advantages that 5G provides to the industry, the different uses that can be given currently and the complexity of implementing these communications in some devices for subsequent deployment in the industry. Also, to specify possible vulnerabilities in communications using 5G networks.
Within the industrial world, systems can be detected that do not have all their cybersecurity capabilities activated. This can occur for a variety of reasons, but if detected, each case must be analyzed to get the most out of each device.
The ability to robustly configure programs, services or other nuances within industrial systems is called bastioning and allows, among other things, to prevent assets from having a large exposure to the network or the solutions deployed in the system from having vulnerabilities resulting from misconfiguration.
In this article, we will begin by explaining what hardening is and how to apply it to our industrial network, along with some good practices to follow.
When a security incident occurs in an ICS (Industrial Control System), depending on the severity of the incident, it can generate a serious problem, both at a productive and economic level, as well as in the security of the people working in the industrial system.
Therefore, in this article following the one entitled "Good practices for the recovery of industrial systems (I)", response plans will be discussed from a point of view oriented to current regulations, as well as their applications and necessity in critical industrial environments, such as the energy sector.
When a security incident occurs in an ICS (Industrial Control System), depending on its severity, it can generate a serious problem, both at a productive and economic level, as well as in the security of the people working in the industrial system.
Therefore, in this first article of a series on this subject, we will explain precisely the recovery plans, some general guidelines for their development and some conclusions on the use and applicability of these plans.
Technical reporting is one of the most important parts of the completion of a task, as it reflects the results of all the work done. Moreover, it does not only constitute a final deliverable for a customer, or for the decision-makers within an organization, but also acts as the link between the person or team that has carried out the task and the decision-makers, based on the findings.
The proliferation of cybersecurity incidents in industrial environments has given rise to a huge concern in the various existing sectors. Some of them, such us the energy sector, are choosing the path taking in the banking sector with the TIBER-EU framework. In addition, many governments are allocating large sums of money to their government agencies to develop strategic plans in which that exercises are included
Confrontations between countries no longer only take place in the physical world, in this new decade, these confrontations also move to the cyber world. The conflict between Russia and Ukraine is one of the clearest examples. Among the events that have taken place is the security incident known as Industroyer2, which affected an electrical supplier in Ukraine. The Industroyer2 is the evolution of its predecessor, the malware known as Industroyer, which was able to affect multiple protocols of industrial control systems during its execution. This new variant of the malware focuses on a particular communications protocol, IEC-104, which is widely used in Europe and the Middle East to monitor and control the power system via the TCP/IP communications protocol.
Organisations are exposed to the consequences of cyber threats, and may be ill-prepared to face and manage cyber incidents, whether provoked or unprovoked. For this reason, in 2014 INCIBE launched its Indicators for the Improvement of Cyber Resilience (IMC) model, with the aim of improving and understanding the state of cyber resilience in organisations.
This post presents some lines of action that should be followed to deal with a DrDoS cyberattack based on the ARD protocol, describing in detail the prevention, identification and response phases to follow.