New control methods of energy distribution needs have required new communication ways, which have been many tines solved with new protocols. A security review to avoid unauthorized Access to private information is one task of main power companies.
Although in industrial environments, availability is king, integrity is also a factor to be taken into account as data must be transferred in unaltered form. The use of mechanisms such as digital signatures helps with integrity, although it is not so simple to implement in all environments.
The use of Ethernet communications in different automation systems along with the increase in IT standards in the industrial world are bringing the worlds of IT and OT ever closer, both at a technological and communication level. From this convergence emerge communication standards like PROFINET, which we shall analyse in this article.
The security of a system is fundamentally based on knowledge of the communications developed therein. For this reason, network analyzers are indispensable elements that allow us to identify the information exchanged between elements and discover relevant information, such as erroneous implementations of the stack of some protocols, possible information leaks, non-defined communications, etc.
Sometimes it is necessary to make some adjustments to control system devices, which leads to a reprogramming of PLC, RTU and similar devices. Reprogramming is a complicated step in terms of security and if the process is not adequately executed, the entire process of which the device is a part may be at risk.
The asset inventory is one of the key tools used to be able to adequately protect control systems and is necessary for other security measures such as risk analysis, network segmentation or patching and updating.
Industry 4.0 is a state of development in the management and organisation of the entire value chain process in the manufacturing industry. This article examines the relationship between cybersecurity for industry 4.0 and the challenges that lie ahead for it in advanced manufacturing.
Control system standards are being updated in order to support and regulate emerging features in these environments. One of the most consulted standards and used as an example in industrial control systems, the ISA99, has also evolved into the IEC 62443 thanks to the International Electrotechnical Commission.
El framework abierto y de uso más extendido para la comunicación y puntuación de vulnerabilidades, el CVSS (Common Vulnerability Scoring System) ha sido actualizado incorporando mejoras en una nueva version: CVSS 3.0
En artículos anteriores se ha hablado de mecanismos de control de acceso básico y obligatorio (SELinux). También se han descrito las bases de la autenticación basada en contaseñas. En este nuevo artículo hablaremos de plataformas que aúnan autenticación y control de acceso en una sola tecnología.