Industrial Cybersecurity by Logitek Competence Center

Name
Industrial Cybersecurity by Logitek Competence Center
Short description

The mission of Industrial Cybersecurity by Logitek Competence Center (ICYCC) is to offer support to research, development and demonstration of solutions and technologies linked to industrial cyber-security.

Description

Logitek is a company with more than 30 years of experience in the market. Their mission is to advise the industrial and infrastructure sectors on the optimum management of the generation and use of information in real time, selecting and providing the best solutions and services. 
Present in Spain, Romania and the United Arab Emirates, Logitek responds to the current challenges associated with these sectors through five Areas: High Availability, Industrial Communications, Industrial M2M, Real time Management and Industrial Cybersecurity. Their clients include companies linked to the energy, water, transport, infrastructure, food and drink and pharmaceutical sectors.

Industrial Cybersecurity by Logitek was created as a new consultancy Area within Logitek in order to help their clients to improve the security levels of their processes, systems and infrastructures within the OT (Operational Technology) environments. In addition, internally it offers its services transversally to the other Areas.

The Industrial Cybersecurity by Logitek Competence Center (ICYCC) was set up within this Area with the mission to provide support to the research, development and demonstration of technological solutions linked to industrial cyber-security.
The ICYCC is divided into three areas:

  • OT Network CyberLab simulates an industrial network into which different devices and systems are integrated and in which pentesting is possible.
  • High Availability CyberLab demonstrates the most appropriate technologies for increasing the availability of the industrial systems.
  • Profibus/Profinet CyberLab provides an understanding of the PROFIBUS and PROFINET technologies.

OT Network CyberLab

Description:

The OT Network CyberLab simulates an industrial network into which different devices and systems are integrated and in which pentesting is possible.
This demo environment includes levels 1 and 2 of the automation pyramid described in the ISA-95 standard (level 1, field devices, and level 2, HMI/SCADA systems). In addition, it includes communication servers based on the OPC and OPC UA specifications in order to permit secure integration between both levels.

Different technologies related to industrial cyber-security, which help to increase the security of these environments, have been included in the same space. These include DPI (Deep Packet Inspection) industrial firewalls, data diodes, off-line antimalware solutions, performance-based industrial IDS and VPN servers.

Basic components:

  • Field devices: Siemens S7-1200, Omron CP1L-EL20DR-D, LKRemote, Moxa NPort.
  • Industrial protocols used: Modbus OPC Server, DNP3 OPC Server, SNMP OPC Server, OPC UA through the KepserverEx platform by Kepware.
  • HMI/SCADA systems: InTouch by Wonderware.
  • Pentesting systems: 
    • Visibility of devices and networks: PLC Scanner, ModScan, Software 232Analyzer, Wireshark (OT Protocols), NMAP
    • Software vulnerabilities: OpenVAS, Industrial IDS
    • Attacks on credentials: THC Hydra
    • WiFi penetration: AirCrack-ng, Kismet
  • Industrial network fortification systems: Tofino DPI Firewall Industrial by Hirschmann.
  • Industrial network protection systems: Data diode by FOX IT.
  • Antimalware off-line solutions: PortableSecurity and SafeLock by TrendMicro.
  • IDS industrial solutions: ICSSilent by SecMatters.
  • VPN solutions: Eagle Device by Hirschmann and Fortigate 40C by Fortinet.

What can the laboratory user do?

  • Programme logic models in the field devices.
  • Develop and interact with the SCADA systems.
  • Configure an OPC server and create OPC tunnels on the UA (Unified Architecture) specification providing security to the OPC communications.
  • Test the efficiency of the DPI industrial firewalls in blocking unauthorised requests on devices and/or industrial protocols.
  • Study the working of data diodes and their ease of configuration.
  • Make denial-of-service attacks, spoofing, poisoning, hijacking, etc. on the control devices and HMI/SCADA systems.
  • Confirm the efficiency of the antimalware offline solutions on infected virtual machines.
  • Scan the industrial network in order to analyse the types of vulnerabilities in existence and how these can be detected using non-invasive intrusion detection solutions.
  • Access control devices via VPN (locally).
  • Encapsulate insecure protocols such as Modbus, using typical IT technologies such as the VPN.

High Availability CyberLab

Description:

Availability is a key factor in industrial environments. To increase the availability of the systems supporting the industrial processes there are different solutions which adapt to the idiosyncrasy of the operation environments.
In the laboratory the user can interact with change management systems that permit the tracking of users who develop and/or modify an industrial system (PLC, RTU, HMI, SCADA, Controller, etc…), management of the versions of the configuration files of these devices, automation of the backup & restore policies and documentary management.

They can also check the operation of management solutions for architectures based on Thin Clients. These technologies permit instant failover between RDS servers, the management of network redundancy (Thin Clients with two network cards), the quick replacement of Thin Clients from the console and the management of IAAA diagrams in light applications.

Lastly, it is possible to analyse the working of fault tolerant servers. These servers offer the highest existing availability in the protection of mission-critical applications whose service level must be 24/7. While traditional high availability solutions offer recovery times that may be too long, fault tolerant servers operate in “Lockstep” mode, permitting zero recovery time in the event of a hardware or applications fault.

Basic components:

  • Change management system and automation of backup copies of industrial devices (PLC, RTU, controller, SCADA, HMI): Autosave SW by MDT.
  • Thin Clients safe architecture management solutions: ACP Thin Manager.
  • High availability solutions for hardware equipment: FTServer and EverRun by Stratus.

What can the laboratory user do?

  • Check the efficiency of the change management systems by accessing an environment formed of a Siemens PLC and a Wonderware SCADA system.
  • Verify the facility and advantages of using the Thin Clients architecture integral management platforms.
  • Configure the FTServer by running redundancy tests on the systems.

Profibus/Profinet CyberLab

Description:

This laboratory offers technical support to professionals linked to PROFIBUS and PROFINET devices and systems. 

There is a demo area with more than 40 devices from 15 different manufacturers, which can be used to provide support, training or demonstrations. 

Basic components:

  • Profibus/Profinet devices by Siemens, Brad, Procentec, SMC, ABB, Hitachi, Phoenix Contact, Beckhoff, Deutschmann, B&R, Woodhead, etc…
  • ProfiTrace 2 (Profibus Troubleshooting Kit Ultra Pro), used to analyse Profibus networks.
  • Netilities (Profinet Analyzer), used to analyse Profinet networks.
  • COMBricks Std, used for remote online monitoring of Profibus networks.
  • ProfiTap, connector to Ethernet networks.
  • PN1 TESTER, used to analyse interference of Profinet cables.
  • B1 REPEATER, Profibus repeater.

What can the laboratory user do?

  • Understand and configure the Profibus and Profinet technologies.
  • Run noise and interruption analysis of the Profibus and Profinet networks.
  • Configure devices that permit the remote analysis of the status of the Profibus/Profinet networks.
  • Analyse the status of the physical medium on which the Profibus and Profinet devices communicate.
Legal Status
Private
Economic condition
Payment service
Address
Ctra. de Sant Cugat, 63, escalera B, planta 1ª
Location
Rubí
District
Barcelona
Sector - Subsector
Chemical Industry
Energy - Electricity
Energy - Gas
Energy - Hydrocarbons
Food
Nuclear Industry
Space
Transport - Air
Water - Water treatment
Services

Access to the three areas described above to perform the activities indicated. In any case, the laboratory and/or tests to be run can be personalised to suit each situation.

  • Proposal of reference architectures: Design of secure OT architecture to permit optimum performance levels to be reached, aligned with the idiosyncrasy of the organisation.
  • Design of control model: Design of control model structured by domains and considering different models of maturity (3MCSI)
  • Definition of policies and procedures: Definition of policies, procedures, standards and good practices, supported by the best practices for the sector (NIST, NERC-CIP, ISO, ISA), which will help to implement them more easily and effectively.
  • Integral development of the PSO and the PPE (CIPA): For the PSO, defining the operator's general security policy and its governance framework; identifying the essential services provided; introducing a risk analysis methodology and developing criteria for the application of integral security measures. In the case of the PPE, defining the organisation of the security associated with the critical operator; describing the general data, assets, elements and interdependences of the infrastructures that have been designated as critical; identifying the internal or external, physical or logical, intentional or random threats; detailing the security measures and risk values and providing the measures to be applied to protect the critical assets as a consequence of the results obtained in the risk analysis.
  • Support services for the critical operator in the development of certain aspects of the PSO and the PPE: The critical operator determines the degree of involvement of the consultants from Industrial Cybersecurity by Logitek, giving details of the aspects they wish to develop jointly.
  • IT&OT Brokering: Coaching sessions to facilitate communication between the departments involved in the IT and OT management of security.
  • Awareness sessions: Sessions to demonstrate the risks associated with not having an industrial cyber-security programme, and the costs and profits that may result from having such a programme.
  • Intensive course in Industrial Cyber-security. Concepts, attacks, countermeasures and procedures: This intensive two-day course structured into 18 sessions will enable end clients to understand the scope of industrial cyber-security, the risks and threats they may face in their daily operations and will help them to put the recommendations proposed during the course into practice. In addition, system integrators have the opportunity to acquire essential knowledge for understanding the requirements of the end clients and offer them the best possible solution in each situation.
  • Course in secure communications and industrial and telemetry protocols: One-day course which looks at the methods for making industrial and telemetry protocols secure.
  • Hacker tools and configuration of countermeasures in OT environments: One-day course examining how to perform pentesting on OT environments.
  • Introduction to the CIPA: The critical operator is offered a personalised and practical guide to help them prepare both their PSO and the PPE. This involves an initial consultancy day to find out more about the designated critical infrastructures, followed by a one-day training session.
  • Analysis and audit of security in industrial networks and SCADA. ICYbyLK has developed a methodology named MAASERISv2.1 (Methodology for the Analysis and Audit of Security of Industrial Networks & SCADA) which permits the analysis of the current status of the OT environment (industrial networks) from the security view point, makes a study based on 8 dimensions, provides a thorough analysis of the principal threats and vulnerabilities associated with the OT environment and provides an operative risk assessment.

For further information: https://promo.ciberseguridadlogitek.com/auditoria-ciberseguridad-industrial/

  • Deployment, start-up and training of antimalware technology for OT environments
  • Deployment, start-up and training of SNMP Monitor technologies
  • Deployment and start-up of network electronic devices for secure remote access to the OT environment
  • Installation, deployment and start-up of DPI industrial firewalls
  • Installation, deployment and start-up of devices for protocol whitelisting 
  • Installation, deployment and start-up of Data Diode
Physical components available
  • OT Network CyberLab
  • High Availability CyberLab
  • Profibus/Profinet CyberLab
  • VPN solutions: Eagle Device by Hirschmann and Fortigate 40C by Fortinet.
  • Field devices: Siemens S7-1200, Omron CP1L-EL20DR-D, LKRemote, Moxa NPort.
  • Profibus/Profinet devices by Siemens, Brad, Procentec, SMC, ABB, Hitachi, Phoenix Contact, Beckhoff, Deutschmann, B&R, Woodhead, etc…
  • Industrial network fortification systems: DPI Industrial Firewall Tofino by Hirschmann.
  • Industrial network protection systems: Data diode by FOX IT.
  • ProfiTrace 2 (Profibus Troubleshooting Kit Ultra Pro), used to analyse Profibus networks.
  • Netilities (Profinet Analyzer), used to analyse Profinet networks.
  • COMBricks Std, used for the online remote monitoring of Profibus networks.
  • ProfiTap, connector to Ethernet networks.
  • PN1 TESTER, used to analyse interference of Profinet cables.
  • B1 REPEATER, Profibus repeater.
Software components available
  • HMI/SCADA systems: InTouch by Wonderware.
  • Change management system and automation of back-up copies of industrial devices (PLC, RTU, controller, SCADA, HMI): Autosave SW by MDT.
  • Thin Clients secure architecture management system: ACP Thin Manager.
  • Industrial protocols used: Modbus OPC Server, DNP3 OPC Server, SNMP OPC Server, OPC UA through the KepserverEx platform by Kepware.
  • Pentesting systems:
    • Visibility of devices and networks: PLC Scanner, ModScan, Software 232Analyzer, Wireshark (OT Protocols), NMAP
    • Software vulnerabilities: OpenVAS, Industrial IDS
    • Attacks on credentials: THC Hydra
    • WiFi penetration: AirCrack-ng, Kismet
  • Off-line antimalware solutions: PortableSecurity and SafeLock by TrendMicro.
  • Industrial IDS solutions: ICSSilent by SecMatters.
  • High availability solutions for hardware equipment: FTServer and EverRun by Stratus.