Aiming to support research and development of projects related to security in SCADA, and to meet our clients’ internal and external needs, S21sec has recently inaugurated a laboratory with the most appropriate resources, technology and tools.
We mentioned it some months ago, without entering into details. Sporadically, other posts of this blog have also made reference to it. Now, we wish to officially introduce some of the goals with which the project began:
- Assessment of the security status of on-site equipment and SCADA software. It is important to have an in-depth knowledge of the previous state of our clients’ equipment and applications in their facilities. Performing this type of analysis directly on the environments and devices is very often impossible – we promise you a post with real results very soon. The lab conditions provide us with a realistic work model and the guarantee that no damage will be done to the real infrastructure. Also, the client finds this procedure much safer and productive. For us, the assessment process is much easier, since:
- Physical risk elements present in the environment are notably reduced. One example is connecting inside an energy plant in maintenance mode, which is not easy at all.
- Risks for the original infrastructure are diminished.
- It allows empirical studies in real time of various configurations to obtain different security assessments.
We will be publishing in the next posts some of the results that are already available. Specifically, a post on the Byres Security’s device Tofino will be published soon.
Elyoenai Egozcue and Iñaki López