Ads 468x60px

Featured Posts

15 April 2019

ISA-95 levels for Industrial Systems



One of the first certification exams I applied was the ITIL Foundation 8 years ago, where I learnt about IT Service Management (ITSM). Afterwards, I worked for Ariadnex to get ISO 20000, where I learnt more about IT Service Management. I also worked for Ariadnex to get ISO 27001, where I learnt a lot about Information Security. These last two years I’ve also been working with PCI-DSS and ISO 22301. I mean, I think reading standards and applying best practices is important, and much of the time, mandatory to do a good job.

Today, I want to write about a new standard I’m reading lately. It’s the ISA99 standard. I didn’t know this standard till four or five months ago when I started working on a new project. If you know the ISA99 standard, you’ll know I’m talking about an industrial project. Actually, the ISA99 committee has developed the ISA/IEC 62443 series of standards and, then, the ISA99 standard is no longer developed by the committee. What I would like to highlight today is the levels defined by the ISA95 and ISA88 standards.

ISA-95 levels

The first two levels, level 0 and level 1, of process control are focused on the control of equipments which execute the production processes. On the one hand, level 0 is the equipment and human resources which are required for the industrial process. Level 0 is a set of physical assets into the enterprise. On the other hand, automations-systems such as PLCs, DCSs or RTUs are in the level 1. These automations-systems work with the physical assets, which are in the level 0. The level 1 devices are electric and control devices.

PLC - Programmable Logic Controller

The next level, level 2, is very good defined by the ISA88 standard. HMI and SCADA systems are in this second level. HMI are operation monitors to control specific processes while SCADA systems are applications to control and monitor the whole industrial system. As a rule, a PLC is controlled by an HMI while lots of PLCs are monitored with an SCADA system. Therefore, the first interaction between the human being and the hardware is in the level 2.

SCADA - Supervisory Control And Data Acquisition

The next two levels, level 3 and level 4, are well defined by the ISA95 standard. We have the Batch, Historian and MES in the third level. The Batch is like an SCADA with databases for batch production. The Historian is a database where industrial data is store. The MES is the interface between the level 2 and level 4. Therefore, the level 4 is where the business intelligence is located. For instance, ERPs and CRMs are in the level 4.

MES - Manufacturing Execution System

Once all levels are defined, how can we protect an industrial enterprise? The bottom levels can be secured with an Intrusion Prevention System (IPS) with industrial signatures which block attacks against communication protocols (e.g. Modbus, PROFIBUS, Conitel, etc) while the up levels can be secured with Application Control and Web Filtering. In addition, I would like to highlight the importance to segment the network into zones.

FortiGate Rugged

Keep learning and keep studying my friends!! All comments are welcome.

8 April 2019

A Forensic Challenge



I finished the training on Networks, Systems, Hacking and Forensics last week where students have learned a lot about Security, or I think they have learned a lot! This last course about Forensics has been funny because three challenges have had to be resolved by students. The first one was interesting for reinforce the importance of looking at metadata. The second one was a little bit more difficult, which used steganography techniques. I have to admit the third one is difficult for a newbie because it contains a mix of steganography and obfuscation techniques.

The last challenge is about steganography and obfuscation where students have checked the image metadata, hex dumped the file contents and extracted a hidden zip archive. They also have had to look at the start of the file, the end of the file and the middle of the file to extract another file. Finally, students have had to read about esoteric programming language to look for the final flag.


There are lots of CTF (Capture The Flag) challenges on the Internet which are useful for learning about hacking and forensics. You just have to keep studying, reading books and learning what you want!
Related Posts Plugin for WordPress, Blogger...

Entradas populares