Train From Home on Your Schedule with OnDemand - Special Offers Available Now


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

Iberdrola awarded a 2012 European SCADA Security Innovation Award

Pictured: Michael Assante, President & CEO, National Board of Information Security Examiners & SCADA Summit Chair, SANS Institute & Miguel Chavero Escamilla, CMDS IT Manager, Iberdrola

  • Washington, DC
  • January 16, 2013
Iberdrola awarded a 2012 European SCADA Security Innovation Award

The SANS Institute today announced today that the Iberdrola has won a 2012 European SCADA Security Innovation Award for leading the implementation of traditional and also cutting-edge security projects in the SCADA world; when very few organizations in this sector were even paying attention to security.

Iberdrola is the largest energy company in Spain and operates multiple types of energy production plants (gas, coal, water, eolic, nuclear) in multiple countries in the European Union and Latin America.

The history of Iberdrola is one of innovation. In early 2000 Iberdrola decided to create the CMDS, a 24x7 Monitoring Center for the operations of their Critical Infrastructure. Inside the scope of the CMDS, and with a codename of AURA, a long-term security program for the in-depth security of their SCADA networks was put in motion.

Starting by a highly tight perimeter in its early stages (AURA.PERIN), through an extensive IDS deployment (AURA.DETIN), Iberdrola jumped into much more aggressive security set projects such as AURA.BACON for the automated change of privileged passwords, together with the restriction, monitoring and control of all external access to the SCADA networks via a clever and innovative use of the most advanced privileged access management technology available.

Other projects followed such as AURA.CIMAS, for the automated monitoring and configuration management of the security infrastructure, AURA.CENLOG, an advanced SIEM system with automated investigation and response capabilities, or AURA.INFOR for the ability to perform Enterprise Forensics, Incident Response and Malware Analysis in the SCADA networks. AURA.SECDIS launched in 2011 had a double objective: on the one side segmenting SCADA hosts via the implementation of sandboxing and whitelisting technology in the SCADA systems and on the other the restriction of distribution of files to the SCADA networks by blocking USB devices and making all file transfers go through a central distribution point with malware detection capabilities.

In 2011, Iberdrola started two of the latest and most innovative projects to date: AURA.MARS and AURA CONSEG.

The objective of the AURA.MARS project was to create a highly flexible Cybersecurity network with a central highly segmenting network (with 5 security zones), where all central security devices together with the brains of the system sit at the CMDS, and a modular highly segmented virtual environment sitting in each of the plants. This server provides the capability to run multiple virtual machines and therefore provide multiple local security capabilities such as monitoring, scanning, forensics, etc. This avoids the need to open the SCADA networks to remote systems, but at the same time ensures that it is highly integrated with the central MARS command and control center.

AURA.CONSEG is the latest project in the AURA program and its objective is integrating with AURA.MARS to be able to capture the most meaningful security events and present them to the plant operators in an easy to visualize and easy to understand way. No one knows the plant better than the plant operators, and being able to translate security events to threats they can map to their operations so they can detect and react to subtle threats is a massive accomplishment.

This program also aligns very well with the Top 20 Critical Controls even though the AURA program started years before the Top 20 Critical existed. The publishing of the Top 20 Critical Controls has provided great feedback to the AURA program and it is now seeding ideas for new innovative projects which will most certainly be seeing the light in the next few years.

About the European SCADA Security Innovation Awards

The European SCADA Security Innovation Awards recognize the most innovative SCADA projects being done in Europe and the leading innovators in the field. Areas of recognition include:

  • Management support in the development of an industry leading security program
  • Innovative ICS security implementations
  • Community-enhancing research and testing

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (