The lab

What is it?

The Laboratory of Industrial Cybersecurity is our fundamental structure. Here we conduct tests of cybersecurity of the components, systems, processes and different technologies of the industrial field that are susceptible to being exposed to a cyberattack.The Laboratory of Industrial Cybersecurity is our fundamental structure. Here we conduct tests of cybersecurity of the components, systems, processes and different technologies of the industrial field that are susceptible to being exposed to a cyberattack.

It is an open space of collaboration with companies and agents that work in the sector of industrial cybersecurity.

The infrastructure of the Laboratory allows reproducing industrial systems, networks and processes of concrete companies to generate real simulations.


 

Activities

Demonstration of industrial processes

Our Laboratory is a place of training and learning. It is useful for the experimentation and self-training of the staff of the industrial companies of Gipuzkoa, technological centers, knowledge centers and of the academic field, as well as universities and vocational schools.

We count with automation and control devices that allow simulating any industrial process, as well as security devices, with the objective of analyzing the response in the face of possible cyberattack scenarios. In order to do this, with count with:

  • In-person laboratory. Based on mockups that collect and control variables of a real industrial process through hardware equipment. Here we can simulate situations of cyberattacks that affect the industrial processes and see how to reinforce them through industrial cybersecurity solutions.
  • Virtual laboratory. Presents the inferior level, even until the 2nd level, of the Purdue model based on a software simulation.

Network security

Regarding the security of industrial networks, our Laboratory is oriented towards:

  • Trying out new measures and functionalities of cybersecurity developed or implemented in industrial networks.
  • Assessing and testing proposals developed by different manufacturers in order to respond to the same cybersecurity threat and being able to compare them.
  • Trying out new cybersecurity tools for automation and control systems, in order to verify their efficacy in an industrial environment and comparing them.
  • • Checking what impact do different network architectures and protection measures have in the industrial process.

Our Laboratory counts with a flexible infrastructure to accommodate an elevated number of network elements and reproducing the industrial processes that are more frequent in the industry of Gipuzkoa.

Industrial cybersecurity

We carry out verification tests on components or on the components or on the complete automation and industrial control systems.

We study the cybersecurity of a component, system or product taking into account how it is deployed in an industrial plant. The final objective is to detect which weaknesses does the carried out implementation mode have. Moreover, we assess the most ideal configurations for each component and system.

This way, we can test vulnerabilities or attacks on concrete systems and try to replicate the consequences, analyzing the previous steps and the results to create commitment indicators, tactics, techniques and attack methods (IoC and TTP).

Product security

We are able to carry out low level analysis of the operation components of the industrial processes that are closer to the line of production (from the sensorial to the management network) and other equipment that are going to be connected to the industrial network, counting with different technologies such as PLC, RTU, HMI, SCADA or MES.

Our laboratory allows:

  • Testing and evaluating cybersecurity functionalities or measures developed to improve the intrinsic security of the components of automation and control systems.
  • Testing, evaluating and comparing the proposals of different manufacturers for the same functionality related to cybersecurity.

From ZIUR, we have developed an assessment methodology of cybersecurity in an industrial product, under which different controls are analyzed. The objective is to count with a first diagnosis analysis of the cybersecurity of an industrial product that afterwards allows the manufacturer, accompanied by the specialized companies of the cybersecurity sector, to advance in the consecution of security levels that are adequate to the context of the sector of activity to which their product is directed to.

Our collaboration allows the industrial companies of Gipuzkoa to assess the cybersecurity of the products that they manufacture as well as the devices that are going to implement in their production systems.

We test:

  • Cybersecurity technologies
  • The industrial companies’ own or acquired products
  • Components
  • Systems

At the Laboratory you will be able to:

  • Test a product that you have acquired
  • Carry out a pilot project
  • Develop R&D projects