This site uses cookies to enhance navigation. If you continue with your visit, you accept the use of cookies and privacy policy. Accept

IK4 Doctorados



Research aimed at the development of people  and transfer of the most advanced technologies for companies.



Penetration Tests for the Validation of Industrial Cybersecurity Scenarios with Safety Requirements


START: 10/2016




Our society depends heavily on reliable embedded systems that control and manage transport systems (e.g. trains, cars, lifts), energy generation and transmission systems (e.g. wind turbines, substations), machine tools, production plants (e.g. PLCs), etc. These industrial systems have historically had functional safety requirements, as the physical integrity of people and systems depends on their proper operation. Moreover, during more recent years, many of these systems that were isolated or connected to a local industrial network, are now connected to public networks using wired communications protocol (Ethernet) and/or remote communications via mobile networks.

This scenario envisages the proliferation of the Internet of Things (IIoT - Industrial Internet of Things) and offers multiple benefits (monitoring and remote control, fleet management, remote updating, predictive maintenance, etc.) and new business models. However, on the downside, the systems have an increased vulnerability to malicious attacks and it opens the possibilities to new risks that can lead to the damage of property, financial losses, violation of intellectual property, and even the loss of life. In light of this situation, industrial environments must not only protect people from machinery (known as functional safety), but also the machinery from people (or cybersecurity). Consequently, the functional safety standards widely employed within these sectors are beginning to reflect this concern regarding cybersecurity. In the computer world, information security is a mature field, with consolidated techniques and procedures that evolve over time in order to provide protection against new threats. However, many of these techniques and procedures require to be adapted for their use in industrial applications, where control systems are created from a wide range of embedded systems with very different features compared to conventional information systems.

Therefore, it is necessary to develop new techniques to protect systems against attacks to local hardware, operating systems, software and wired industrial communications and remote attacks. There is a need in many sectors to mitigate these threats and to validate the developments made with respect to known attacks and threats. This dissertation is found within this context and its objective is to define a penetration test environment capable of evolving at pace with state-of-art attacks and threats and to be applied to the industrial sector on multiple levels (hardware, software and communications). It must be kept in mind that the systems to be validated will, in turn, have their own functional safety requirements, being the management of the interaction of functional safety and cybersecurity, one of the cornerstones of work to be developed.

Department or unit of the Associates Technology Center

Electronics, Information and Communication Technologies

Investigation line

Reliable embedded systems

Start date planned


Obtaining date of the doctor degree



Higher engineering or Master in the following specialities (or equivalent): Automation and Industrial Electronics, Information Technology, Telecommunications, Embedded Systems. Prior knowledge and interest in the field of information security is an advantage.

With number 1 as the first option, 2 as the second and 3 as the last option.

Remember, only click "Send" once you have configured your options correctly. Click on the "Save" button to add more options, or to change their position.