Blog

The outsourcing of processes is not something we can consider new. In fact, the contrary is true. And in particular, in terms of how it applies to ICT (Information and Communication Technology), it is common for at least part of our systems to be accessed by third parties or managed directly by third parties.

New control methods of energy distribution needs have required new communication ways, which have been many tines solved with new protocols. A security review to avoid unauthorized Access to private information is one task of main power companies.

Although in industrial environments, availability is king, integrity is also a factor to be taken into account as data must be transferred in unaltered form. The use of mechanisms such as digital signatures helps with integrity, although it is not so simple to implement in all environments.

The use of Ethernet communications in different automation systems along with the increase in IT standards in the industrial world are bringing the worlds of IT and OT ever closer, both at a technological and communication level. From this convergence emerge communication standards like PROFINET, which we shall analyse in this article.

The security of a system is fundamentally based on knowledge of the communications developed therein. For this reason, network analyzers are indispensable elements that allow us to identify the information exchanged between elements and discover relevant information, such as erroneous implementations of the stack of some protocols, possible information leaks, non-defined communications, etc.

Traditionally, malware creates files, copies of itself or additional malware that is dropped into different locations of the system it compromises, able to do so with similar names to legitimate files, with the aim of being passed off for as long as possible.

Sometimes it is necessary to make some adjustments to control system devices, which leads to a reprogramming of PLC, RTU and similar devices. Reprogramming is a complicated step in terms of security and if the process is not adequately executed, the entire process of which the device is a part may be at risk.

El aim of Cybersecurity Highlights service is to gather all relevant news related to cybersecurity through the year. This is the article that summarizes those news that have been more important in 2016.

The year 2016 has come to an end and once again we have witnessed an increase in the number of vulnerabilities published affecting control systems. Fortunately, companies are making greater efforts to prevent attacks and mitigate risks. The scenario for 2017 is similar to that of the past year.