background preloader

Appliedrisk

Facebook Twitter

Applied Risk B.V.

Applied Risk is focussed on critical infrastructure security and combating security breaches that pose a significant threat.Applied Risk was founded with one core mission: to secure critical assets in the industrial domain against emergent cyber threats.

Industrial Internet Emerging Security Challenges. The Industrial Internet concept has evolved over the last decade to encompass interconnected systems that combine hardware, software and networking capabilities to sense and control the physical world.

Industrial Internet Emerging Security Challenges

These industrial control systems contain embedded sensors, processors and actuators that provide the capability to serve specific operational purposes and transforming how businesses operate. With the adoption from various industries and acceleration of various deployments just in the last few years, the results are so far promising as performance is better, deployment is faster and operational tasks that support the physical process are now increasingly smarter. According to analyst Gartner, there will be 26 billion IoT and M2M devices by 2020, which is an indication of the level of scale and complexity associated with industrial internet. So far we have already witnessed hacking PoC against IoT devices deploying botnets, malware and ransomware type of attacks.

Risk and Vulnerability Assessment. Things You Need To Know About IEC 62443 Standards. Vulnerability/Threat Assessments And Risk Analysis. A certain level of risk is associated with various threats and is faced by almost all the facilities.

Vulnerability/Threat Assessments And Risk Analysis

The cause of these threats may be intentional acts, accidents or natural events. Notwithstanding the nature of threat, facility owners have a responsibility to mitigate the risk to the possible extent. Facility owners need to develop and implement a security risk management methodology. It has to be in adherence to Interagency Security Committee standards along with supporting the security needs of the business. Threat Assessments A threat assessment takes into consideration every aspect of threat for a given location. 3 Ways You Can Create A Cyber Security Culture At Work.

Cybersecurity Video 2: Culture Is King We don’t need to tell you that culture is really hard to change.

3 Ways You Can Create A Cyber Security Culture At Work

But you can use it to your advantage. Listen to experts from Emerson Human Capital explain ways to use culture to influence cybersecurity behaviors. Or watch all five of our videos on cybersecurity: Visit our w duration 4:02 published 22 Apr 2016 updated 22 Apr 2016 views 137 Watch hackers break into the US power grid A power company in the Midwest hired a group of white hat hackers known as RedTeam Security to test its defenses. Multiple Vulnerabilities in MOXA ioLogik E1200 Series. In this blog post, we cover the main security issues found on the ioLogik, and describe the process for reverse engineering the firmware and analyzing the embedded device for potential bugs and vulnerabilities.

Multiple Vulnerabilities in MOXA ioLogik E1200 Series

The MOXA ioLogik E1242 industrial Ethernet remote I/O comes with two switched Ethernet ports with Modbus/TCP slave, EtherNet/IP scanner mode and RESTful API for IIoT applications support. Courtesy: MOXA Reverse Engineering the firmwareFirst of all, let’s check if the firmware is signed and encrypted. Indeed, the firmware is not encrypted and definitely there are some strings of interest. The first one is eCos, which is the name of comparatively rare operating system for embedded platforms. The last few strings are also interesting and demonstrate SNMP passwords, such as “public”, “admin”, “user”, “private”.

Let’s have a look if binwalk could help here: As mentioned above there is a file system which is claimed itself as RomFS. However there is no such strings in firmware. The NSA Hack and New Zero-Day Vulnerabilities: What Does It Mean For Your OT Infrastructure? Operational technology (OT) and in particular Industrial Control Systems (ICS) have increasingly become a lucrative target for various threat actors.

The NSA Hack and New Zero-Day Vulnerabilities: What Does It Mean For Your OT Infrastructure?

The recent news headlines highlighted how zero-day vulnerabilities in popular network security equipments discovered by the NSA have been released by a hacker group. The initial revelations from the leaked files indicate the NSA developed tools which took advantage of vulnerabilities in the equipment of major vendors such as Cisco, Fortigate, Huawei, and Juniper to intercept traffic which passes through a network. There are currently no known public reports that indicate if these exploits are already in the wild. ICS/SCADA Security Assessment & Penetration Testing. Applied Risk’s comprehensive ICS/SCADA Security Assessment and Penetration Testing service helps organisations to protect critical infrastructure by identifying and validating known security vulnerabilities for both public-facing and internal resources.

ICS/SCADA Security Assessment & Penetration Testing

Our highly-skilled, industry-recognised consultants work closely alongside organisations to produce customised testing and assessment services to protect assets against threats. Having identified the key risks, we effectively mitigate these threats. Our ICS Cyber Security Awareness Training. Our ICS Cyber Security Awareness Training will empower your employees.

Our ICS Cyber Security Awareness Training

IEC 61850: Are Your Substations Secure? In a rapidly growing world, the demands for substation automation are increasing.

IEC 61850: Are Your Substations Secure?

Cyber security need and deployment of IEC 61850 have been key topics changing Substation Automation Systems landscape. The interconnectivity and level of grid automation, as well as IT/OT convergence are introducing a new era of challenges for electrical facilities. In the meantime, security issues for the power industry have become increasingly important topic internationally, and particular in the light of the Ukrainian electric grid hack.

The IEC 61850 protocols standard enable interaction with other systems. This allows devices in the power grid to communicate with each other using common IT (Ethernet) based networks. Establishing a Comprehensive ICS Security Framework. Industrial Control Systems security can be a complex requirement for many businesses already faced with ensuring control systems uptime and resilience.

Establishing a Comprehensive ICS Security Framework

Embedded Security Assessment. The Industrial Internet of Things revolution requires devices to be connected in order to communicate sensitive information.

Embedded Security Assessment

From Safety Critical Systems, Industrial Devices through to Consumer Products, a security breach could cost a company its reputation or could even lead to the loss of life. Against this backdrop, Embedded Security needs to become a vital component of any new embedded product. In many cases, it needs to be retro-fitted to existing systems. Industrial Automation and Control Systems Security. Applied Risk has, for many years, pioneered and led the Process Control and Industrial Automation Security space. This activity has helped asset owners, operators and suppliers to address the risks and challenges of process control security and design. With a wealth of threat intelligence and situational awareness options, our security training covers the full spectrum of clients’ critical asset requirements. Our IACS solution consists of five key elements: IEC 61850: Are Your Substations Secure?