Today, one of the most critical, but least known, procedures in industrial security is the secure development. This article gathers all the best practices for the creation of specific applications and equipment for industrial environments in a secure manner. Security aspects that must take into account both the work done during the design (confidentiality of the company and customers, workers' security...), and the security that the designed product itself must present throughout its life cycle (vulnerability management, access control, input/output management...).
The aim of this article is to address the good practices of secure development, from the perspective of industrial cybersecurity. Although traditional best practices can be applicable to these environments, the fundamental aspects of safety and availability generate different approaches, mainly in aspects related to memory and resource management, update and patch management cycles, etc.
A CI/CD (Continuous Integration/Continuous Deployment) pipeline is an essential tool in modern software development, which allows you to automate and optimize the entire development lifecycle, from code integration to its deployment in production. The article aims to explain security in CI/CD pipelines, motivating readers to adopt automated practices that not only optimize software development, but also minimize the associated risks. Keep in mind that automation carries certain risks if not handled safely, as it can increase the attack surface for cybercriminals. It underscores the importance of implementing security controls at every stage of the pipeline, urging developers to take initiative-taking steps to protect their code, their environments, and ultimately, their final products.
The evolution of communications in society is also having an impact on the industrial world. With the arrival of 5G, many industrial companies have considered migrating some of their communications to take advantage of the characteristics of this new mobile communications band, such as the reduction of latency times, the increase in connection speed or the exponential increase in the number of devices that can be connected to the network. These characteristics fit perfectly with the industrial mentality, where there are a multitude of interconnected devices between which there cannot be a communication cut due to the criticality of the processes they implement.
This article aims to comment, in addition to all the advantages that 5G provides to the industry, the different uses that can be given currently and the complexity of implementing these communications in some devices for subsequent deployment in the industry. Also, to specify possible vulnerabilities in communications using 5G networks.
Software Defined Radio (SDR) is the result of the technological evolution of conventional analogue radio. Its characteristics and operational capability make it a versatile device with both positive and negative applications within the field of cybersecurity.