IPS

Contenido IPS

Blog posted on 28/11/2024

This article aims to present a brief example guide for an implementation of the new standard in a supplier's facilities.

Going through the critical points of the standard, a generic use case will be followed to exemplify how a vehicle manufacturer can adapt its processes to comply with the new standard in an efficient and effective way.

By presenting an overview of the standard and production processes, the aim is to provide a brief guide to serve as a starting point and help avoid common failures in industrial environments when faced with new regulations, such as redundancy of effort, inefficiency in resource management and deficiencies in the application of safety measures.

Blog updated on 31/10/2024

Larger scale and complexity industrial control networks present risks, and cybersecurity needs that usually cannot be met by applying a traditional segmentation model. Factors such as the presence of critical obsolete equipment, equipment managed by third parties or the increased presence of IoT technologies that require external connections, are motivating the adoption of more advanced architectures when applying the principle of defense in depth.

Proper segmentation can be a fundamental aspect in preventing attacks, especially in their propagation to essential and critical production assets. It is also important to adapt to the environment to be segmented. It is a common mistake to try to segment networks based on concepts and schemes like the IT environment.

This article will present some new network models and tips to work on a correct segmentation in an environment where different components are involved (OT, IIoT, IT, IoT).

Blog updated on 26/09/2024

The increasing development of malware targeting the industrial world has not halted its momentum in the slightest. Several research groups have detected a new malware called Fuxnet and are currently investigating its scope. This malware has the capability to send specific requests at the serial level, via RS485/MBus, executing floods to more than 87.000 assets, including control systems and integrated sensors deployed across different sectors. Among the infrastructures compromised by this malware, we find hospitals, airports and other critical infrastructures that provide essential services to the population.

Blog posted on 19/09/2024

MITRE Caldera OT stands out mainly for being an open-source tool that allows the simulation of different cyber-attacks in industrial environments. This tool was created by MITRE and CISA (US Cybersecurity and Infrastructures Security Agency), as the experts saw the need to be able to improve and understand cybersecurity in industrial environments without using a high number of resources.

In addition, this tool is designed to be used by both the Red Team and the Blue Team, allowing both teams to collaborate with each other to improve the level of cyber security in these environments.

Blog posted on 08/08/2024

In the field of cybersecurity, CASB systems play a crucial role in providing an additional layer of protection for cloud applications. This approach prevents threats, detects malware, and ensures privacy in a digital environment, thereby addressing the growing need for data protection. 

This article explores how CASB systems work, their key applications, and their benefits in terms of security and privacy, ensuring that applications operate by protecting data in cloud environments and maintaining fine-grained control over cloud operations. From vendor assessment to malicious behavior detection, its versatility extends, offering benefits such as risk mitigation and improved cloud security.

Blog updated on 11/07/2024

UMAS (Unified Messaging Application Services) is a Schneider Electric (SE) proprietary protocol used to configure and monitor Schneider Electric programmable logic controllers (PLCs). While it is true that the protocol is related to this manufacturer, the use of the protocol is quite widespread in different sectors, especially the energy sector, as is obvious.

The article will focus on the technical breakdown of the protocol and the use of the protocol. The article will also show weaknesses, strengths and some technical vulnerabilities detected in this protocol.

Blog posted on 13/06/2024

The UN R155 and UN R156 regulations are of vital importance for vehicle cybersecurity. From July 2022, all car manufacturers that want to be type-approved must comply with both regulations, but from July 2024 this requirement will be extended to all new vehicles sold in the European Union, regardless of when the manufacturer obtained type-approval. One of the most important aspects of compliance with both regulations is the completion of a cybersecurity risk assessment of the vehicle, including all integrated components of the vehicle's supply chain. On the other hand, it also specifies how to incorporate cybersecurity from design, how to detect and respond to incidents, how to securely update vehicle software, etc. 

Blog posted on 02/05/2024

In the electricity sector, it has always been necessary to use robust communications that allow proper communication, since a failure in this sector would cause a large number of losses, both economic and social.

In addition, with the technological advances, it is important also to have secure communications since the electricity sector is one of the sectors that currently suffers the most cyber-attacks. For this reason, in recent years different robust and secure protocols have been created.

One of these protocols is DNP3, created mainly for the use of substation automation and control systems, for the electric utility industry, although it has now also been used for other sectors.

Finally, in this article we want to explain in more depth the operation of this protocol and the benefits or disadvantages of using this protocol.

Blog posted on 18/04/2024

CAPEC (Common Attack Pattern Enumeration and Classification) is a project that focuses on enumerating and classifying common attack patterns on computer systems and providing a systematic approach to understanding and addressing the tactics used by attackers. Like CWE (Common Weakness Enumeration), CAPEC is an initiative of the computer security community and is maintained by the National Institute of Standards and Technology (NIST) in the United States. Recently in version 3.9, the project has incorporated a number of attack patterns related to the industrial world.

This article aims to show the reader the use of these codes, such as those used at the identifier level in CVEs, CWEs, etc., and which are related to many of the jobs that are carried out on a daily basis in the industrial cybersecurity sector.