INCIBE-CERT

Today, one of the most critical, but least known, procedures in industrial security is the secure development. This article gathers all the best practices for the creation of specific applications and equipment for industrial environments in a secure manner. Security aspects that must take into account both the work done during the design (confidentiality of the company and customers, workers' security...), and the security that the designed product itself must present throughout its life cycle (vulnerability management, access control, input/output management...).The aim of this article is to address the good practices of secure development, from the perspective of industrial cybersecurity. Although traditional best practices can be applicable to these environments, the fundamental aspects of safety and availability generate different approaches, mainly in aspects related to memory and resource management, update and patch management cycles, etc.

This article aims to present a brief example guide for an implementation of the new standard in a supplier's facilities.Going through the critical points of the standard, a generic use case will be followed to exemplify how a vehicle manufacturer can adapt its processes to comply with the new standard in an efficient and effective way.By presenting an overview of the standard and production processes, the aim is to provide a brief guide to serve as a starting point and help avoid common failures in industrial environments when faced with new regulations, such as redundancy of effort, inefficiency in resource management and deficiencies in the application of safety measures.

A  CI/CD (Continuous Integration/Continuous Deployment) pipeline is an essential tool in modern software development, which allows you to automate and optimize the entire development lifecycle, from code integration to its deployment in production. The article aims to explain security in  CI/CD pipelines, motivating readers to adopt automated practices that not only optimize software development, but also minimize the associated risks. Keep in mind that automation carries certain risks if not handled safely, as it can increase the attack surface for cybercriminals. It underscores the importance of implementing security controls at every stage of the pipeline, urging developers to take initiative-taking steps to protect their code, their environments, and ultimately, their final products.