After the articles “IEC 61850 Standard, all for one and one for all” and “Multicast security in IEC 61850”, it is useful to add more information about the cybersecurity guidelines set out in the IEC 62351 standard with respect to the GOOSE protocol. An explanation will be made of the operation of the protocol, the weaknesses it presents and the appropriate security measures to protect it against possible attackers.
In this post we explain the update made in the IMC model to continue improving its approach and applicability to companies.
In this blog post we detail the new PGP keys generated by INCIBE-CERT to establish secure communication channels with different audiences.
Anticipating is one of the four aims of cyberresilience. It consists of maintaining a state of informed readiness, in order to prevent essential services from being compromised in the event of a cyberattack. To measure the objectives of this aim, its three functional domains are analysed: cybersecurity policies, risk management and cybersecurity training.
The goal of cyber-resilience for an organization, whether or not it belongs to a strategic sector, whether or not it provides one of these digital services, is to maintain its primary purpose and integrity in the face of a cybersecurity threat or attack to an ideal level. Continuous detection processes must be established given that total prevention will never be guaranteed.
Electric charging stations are increasingly used in urban furniture in cities. Electric cars and their need to be charged are a reality. Because of this, there is an increase in supply points that depend on specific protocols and communications for these stations.
The union of the IT and OT worlds is unstoppable, which means that the cybersecurity strategy, traditionally focused on the IT field, must now include aspects related to the industrial world. Having a good cybersecurity strategy is essential for IC systems to survive in this new era.
The open and most-widely-used framework for communication and vulnerability scoring, the CVSS (Common Vulnerability Scoring System), has been updated, incorporating improvements in its new version 3.1 with respect to the previous one. This standard assesses the severity of computer systems vulnerabilities and assigns them a score of 0 to 10.
Trips across the ocean have changed over the years with the arrival of the industrial revolution and information technology, among other things, making technology its best ally, both to automate their navigation and to control their location from land-based stations. However, this total dependence on technology brings with it important security issues that need to be addressed with the importance they deserve.
The problems originating from the application of patches in an industrial setting have consequently led to them being rejected by the operators. For years they were practically abandoned, but thanks to the support from security companies and IT departments they are now receiving their due credit.