Industrial Security

Industrial systems are becoming increasingly interconnected, automated and specialized for complex tasks. In the industrial environment, many plants and their components are insufficiently protected against cyberattacks due to their long life cycles. Once an attacker managed to gain access to one part of the system, taking over, spying on or manipulating other parts of the system is almost childsplay. For plant manufacturers as well as operators, a successful attack can result in loss of reputation, financial damage and danger to life and limb of staff.

The IT security of industrial plants is one of the research areas of the scientists at Fraunhofer AISEC. The topic Industrial Security provides information about their work and concrete research results on securing industrial systems.

Tobias Specht

gallia – An Extendable Pentesting Framework

gallia is an extendable pentesting framework with the focus on the automotive domain, developed by Fraunhofer AISEC under the Apache 2.0 license. The scope of the toolchain is conducting penetration tests from a single ECU up to whole cars. Currently, the main focus lies on the UDS interface but is not limited to it. Acting as a generic interface, the logging functionality implements reproducible tests and enables post-processing tasks.
The following blog post introduces gallia’s architecture, its plugin interface, and its intended use case. The post covers the interaction between its components and shows how gallia can be extended for other use cases.

Read More »
Alexander Giehl

Digital twins and their potential for OT security

A digital twin is a virtual representation of a real system or device. It accompanies its physical counterpart during its entire life cycle. Tests, optimization procedures and bug hunting can be carried out on the twin first without involving the real device (that may not even exist at that moment). In this article, I want to give you some recommendations on how to harness that potential for improving upon the state of OT security (Operational Technology Security), e.g., within manufacturing or building automation.

Read More »
Other Topics