The industry is increasingly calling for experts in security, and the business world is not capable of meeting that demand due to the lack of trained professionals. This is not a problem that solely affects Spain; it also affects the whole of Europe and the U.S.A. But, what is it that is asked of industrial security experts?
The Simple Network Management Protocol or SNMP, used in most industrial devices, went from an information exchange protocol related to device configuration to an actual configuration control protocol. Manufacturers add far too many functionalities for SNMP in their devices. These functionalities are often unknown by operators so they do not pay much attention to the hardening of this protocol.
The architecture of our industrial control systems is not as static as it was some years ago. The adapting of new standards, or simply trying to improve the security of our industrial networks, creates the need to introduce one or various firewalls within our network. Thinking about having to change a network's architecture, the IP of our devices, tests, etc. when introducing a new firewall often leads to the bad decision to not install it. But, do we know about transparent firewalls and how they can be installed with almost no impact in our network? These solutions have advanced a lot in the industry and may be a true plus to our security.
The evolution of industrial systems towards an almost complete automation entails new challenges in communications. New functionalities acquired by the process, such as the use of digital relays to manage emergency interruptions, are transmitted by the communications network and this cannot fail. Given this need for zero tolerance to any failure, the redundancy offered by the HSR and PRP protocols can be a key factor.
Industry 4.0 integrates a large amount of devices used to provide the industrial processes with more intelligence. Among said devices we can find many different types of equipment such as drones or robots that perform specific tasks or tasks requiring precision. The use of these devices –quite well known nowadays– has certain implications for the security of control systems.
Remote accesses to control devices from networks outside the company are a major problem but, what about direct accesses made thanks to the accessibility of the device? This article explains the concept of hardware hacking and the hazards for the industry.
Alarm bells ringing again –a new malware threats industrial networks. After the attack suffered in Ukraine with BlackEnergy and the failures occurred at the beginning of the year, other new malware is added to the list of attackers of industrial control systems started by Stuxnet
Carrying out an intrusion test or vulnerability analysis in a control system can prove complex due to availability. This is where testbeds come into play. They reproduce production environments and can be of great assistance to researchers and security analysts
Virtualization is a technology that sooner or later will settle in the control systems, as was the case with corporate systems. The moment the impact that it may cause on the process is minimum and a proper security level may be guaranteed, it will be time to implement the virtualization of control systems.