{"id":7884,"date":"2025-03-10T11:50:24","date_gmt":"2025-03-10T10:50:24","guid":{"rendered":"https:\/\/swissmakers.ch\/?p=7884"},"modified":"2025-03-10T11:58:58","modified_gmt":"2025-03-10T10:58:58","slug":"securing-ot-modbus","status":"publish","type":"post","link":"https:\/\/swissmakers.ch\/en\/securing-ot-modbus\/","title":{"rendered":"Challenges in securing OT and critical infrastructure"},"content":{"rendered":"<div class=\"gb-container gb-container-92b54c2a\">\n\n<h2 class=\"gb-headline gb-headline-3aa53f7d gb-headline-text\">What is OT and why is it important?<\/h2>\n\n\n\n<p class=\"gb-headline gb-headline-e69e64eb gb-headline-text\">Operational technology (OT) refers to the hardware and software systems used to monitor, control, and automate industrial processes in sectors like energy, water supply, and transportation. Unlike traditional IT systems, which manage data and business applications, OT interacts directly with physical equipment such as power grids, water treatment plants, and industrial control systems.<\/p>\n\n\n\n<p class=\"gb-headline gb-headline-8d07a172 gb-headline-text\">In critical infrastructure, OT ensures that essential services remain operational. Systems like SCADA (supervisory sontrol and data acquisition), PLC (programmable logic controllers), and RTU (remote terminal units) are used to regulate energy distribution, monitor gas and water pipelines, and control public transportation networks. These systems must be highly reliable, as disruptions can have far-reaching consequences for public safety and economic stability.<\/p>\n\n\n\n<p class=\"gb-headline gb-headline-483e598c gb-headline-text\">With increasing digitalisation and interconnectivity, OT systems are no longer isolated from external networks. Many now integrate with IT networks for remote monitoring, predictive maintenance, and automation. This convergence improves efficiency but also introduces new security challenges, as OT networks - traditionally designed for reliability over security - are now exposed to cyber threats that can cause physical disruptions.<\/p>\n\n<\/div>\n\n<div class=\"gb-container gb-container-b80ec9bc\">\n\n<h2 class=\"gb-headline gb-headline-db774bfd gb-headline-text\">Common OT communications protocols<\/h2>\n\n\n\n<p class=\"gb-headline gb-headline-14ab7443 gb-headline-text\">In OT, communication protocols are designed to support real-time control, reliability, and efficiency in industrial and critical infrastructure environments. Unlike in IT, where the vast majority of communication occurs over common protocols such as TCP\/IP, UDP\/IP, OT networks rely on specialised protocols tailored for specific applications. These protocols are often optimised for low-latency control, deterministic behaviour, and legacy hardware compatibility, but many were not designed with security in mind. Below is an overview of four key OT communication protocols widely used in energy infrastructure and industrial automation.<\/p>\n\n\n\n<h3 class=\"gb-headline gb-headline-78309a53 gb-headline-text\">Modbus<\/h3>\n\n\n\n<p class=\"gb-headline gb-headline-f44b739c gb-headline-text\">Modbus is one of the oldest and most widely used industrial communication protocols. Developed in 1979 by Modicon (now Schneider Electric), it enables communication between programmable logic controllers (PLCs), sensors, and SCADA systems. Modbus exists in two main variants:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Modbus RTU (uses serial communication)<\/li>\n\n\n\n<li>Modbus TCP (runs over Ethernet networks)<\/li>\n<\/ul>\n\n\n\n<p class=\"gb-headline gb-headline-b4cee735 gb-headline-text\">Application Areas:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Industrial automation (factories, process control)<\/li>\n\n\n\n<li>Energy infrastructure (power plants, substations, grid monitoring)<\/li>\n\n\n\n<li>SCADA systems<\/li>\n<\/ul>\n\n\n\n<h3 class=\"gb-headline gb-headline-408cf826 gb-headline-text\">M-Bus<\/h3>\n\n\n\n<p class=\"gb-headline gb-headline-c0887045 gb-headline-text\">M-Bus is a protocol specifically designed for remote reading of utility meters (electricity, water, gas, and heat). It allows utility companies to efficiently collect and manage consumption data from a large number of distributed meters.<\/p>\n\n\n\n<p class=\"gb-headline gb-headline-1b5fe340 gb-headline-text\">Application Areas:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Smart metering (gas, water, electricity, district heating)<\/li>\n\n\n\n<li>Utility infrastructure<\/li>\n\n\n\n<li>Building management systems<\/li>\n<\/ul>\n\n\n\n<h3 class=\"gb-headline gb-headline-44e1adfd gb-headline-text\">IEC 60870-5-104<\/h3>\n\n\n\n<p class=\"gb-headline gb-headline-f9b4d26a gb-headline-text\">IEC 60870-5-104 is a standardised SCADA protocol used for power grid control and monitoring, particularly in Europe. It is an IP-based version of IEC 60870-5-101 and allows remote telemetry and control of substations and distribution systems.<\/p>\n\n\n\n<p class=\"gb-headline gb-headline-b147c308 gb-headline-text\">Application Areas:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Power grid SCADA systems<\/li>\n\n\n\n<li>Transmission and distribution substations<\/li>\n\n\n\n<li>Energy dispatch centres<\/li>\n<\/ul>\n\n\n\n<h3 class=\"gb-headline gb-headline-20fcd5da gb-headline-text\">IEC 61850<\/h3>\n\n\n\n<p class=\"gb-headline gb-headline-934ef997 gb-headline-text\">IEC 61850 is a modern protocol for substation automation and smart grids. Unlike traditional protocols that rely on simple data polling, IEC 61850 introduces object-oriented communication and high-speed event-driven messaging (GOOSE and MMS). It is designed to support automation, predictive maintenance, and real-time grid stability.<\/p>\n\n\n\n<p class=\"gb-headline gb-headline-9f0d5d15 gb-headline-text\">Application Areas:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Smart grids and modern substation automation<\/li>\n\n\n\n<li>High-voltage power transmission and distribution<\/li>\n\n\n\n<li>Renewable energy integration (solar, wind farms, battery storage systems)<\/li>\n<\/ul>\n\n<\/div>\n\n<div class=\"gb-container gb-container-ed95173f\">\n\n<h2 class=\"gb-headline gb-headline-75e67037 gb-headline-text\">OT security and common threats in OT networks<\/h2>\n\n\n\n<p class=\"gb-headline gb-headline-08f025db gb-headline-text\">OT networks are essential for managing industrial processes in energy, utilities, and other critical infrastructure sectors. Unlike IT networks, which are built with security in mind, OT systems have traditionally prioritised reliability and availability over cybersecurity. Many of the protocols and devices in use today were developed decades ago, long before cyber threats became a concern. As a result, these systems often lack fundamental security measures, making them attractive targets for attackers.<\/p>\n\n\n\n<p class=\"gb-headline gb-headline-68aee929 gb-headline-text\">One of the most significant vulnerabilities in OT networks is the lack of authentication and encryption. Many widely used industrial communication protocols, such as Modbus, M-Bus, and IEC 60870-5-104, were not designed to verify the identity of devices or users communicating within the network. This means that any system capable of sending properly formatted messages can potentially issue commands to industrial controllers, actuators, or meters. Even more concerning is that these protocols transmit data in plain text, without any encryption, making it easy for attackers to intercept and manipulate communications. For example, in a Man-in-the-Middle (MITM) attack, an attacker could intercept traffic between a control centre and a substation, altering sensor data or injecting false commands. In a replay attack, an attacker could capture and resend a previously valid command, such as a shutdown signal, to disrupt operations. Because these protocols were designed with reliability rather than security in mind, such attacks can go undetected until serious consequences arise.<\/p>\n\n\n\n<p class=\"gb-headline gb-headline-77196835 gb-headline-text\">Beyond communication weaknesses, physical security risks present another major challenge in OT environments. While many assume that industrial control systems are protected by air gaps, meaning they are isolated from external networks, real-world incidents have repeatedly proven otherwise. Physical access points such as USB ports, maintenance laptops, and exposed network interfaces provide direct entry to critical systems. A well-known example is the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Stuxnet\" target=\"_blank\" rel=\"noopener\">Stuxnet attack<\/a>, where malware was introduced into an air-gapped system via infected USB drives, allowing attackers to sabotage industrial centrifuges. Similarly, a malicious insider or an external attacker with brief physical access to a control panel or an industrial Ethernet switch could introduce rogue commands, install malware, or even shut down critical processes.<\/p>\n\n\n\n<p class=\"gb-headline gb-headline-9905da3b gb-headline-text\">The combination of unsecured communication protocols and weak physical security controls makes OT networks highly susceptible to cyberattacks. Unlike IT breaches, where the primary concern is data theft, attacks on OT systems can lead to power outages, water supply disruptions, or even physical damage to industrial machinery. As the integration between OT and IT systems continues to grow, securing these environments becomes an urgent priority.<\/p>\n\n<\/div>\n\n<div class=\"gb-container gb-container-cb3a2686\">\n\n<h2 class=\"gb-headline gb-headline-7150b258 gb-headline-text\">Monitoring Modbus: Detecting and mitigating rogue devices in power infrastructure<\/h2>\n\n\n\n<p class=\"gb-headline gb-headline-344e3cb9 gb-headline-text\">Let's assume a local energy provider operates a power distribution network managed by a SCADA system that communicates with remote substations, circuit breakers, and monitoring devices over a Modbus TCP\/IP network. What are the potential security risks and consequences if an attacker gains unauthorised access to the network and how could a SIEM system help detect and mitigate the threat?<\/p>\n\n\n\n<h3 class=\"gb-headline gb-headline-f21ae334 gb-headline-text\">Modbus: How it works, network topology, and security risks<\/h3>\n\n\n<style>.kb-image7884_d21f93-97 .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<figure class=\"wp-block-kadence-image kb-image7884_d21f93-97 size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"327\" src=\"https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/modbus_logo-1024x327.png\" alt=\"Modbus logo\" class=\"kb-img wp-image-7887\" srcset=\"https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/modbus_logo-1024x327.png 1024w, https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/modbus_logo-300x96.png 300w, https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/modbus_logo-768x245.png 768w, https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/modbus_logo-1536x490.png 1536w, https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/modbus_logo-2048x653.png 2048w, https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/modbus_logo-18x6.png 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"gb-headline gb-headline-0656572f gb-headline-text\">Modbus has a master-slave architecture, where a central device (master) sends requests to one or more subordinate devices (slaves) and awaits responses. These requests can include reading sensor data, modifying device settings, or controlling actuators. The <a href=\"https:\/\/www.realpars.com\/blog\/modbus\" target=\"_blank\" rel=\"noopener\">blog post<\/a> on Realpars.com provides a comprehensive explanation of how Modbus works.<\/p>\n\n\n<style>.kb-image7884_b67a80-64 .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<figure class=\"wp-block-kadence-image kb-image7884_b67a80-64 size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"450\" src=\"https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/65f854814fd223fc3678f044_Modbus-Master-Query-and-Reply.gif\" alt=\"\" class=\"kb-img wp-image-7898\"\/><figcaption><em>Source: https:\/\/www.realpars.com\/blog\/modbus<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"gb-headline gb-headline-ebaccc79 gb-headline-text\">The protocol operates in two main variants:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Modbus RTU (remote terminal unit): Uses serial communication (RS-232 or RS-485), often seen in legacy systems.<\/li>\n\n\n\n<li>Modbus TCP: Uses Ethernet networks, allowing for easier integration with modern OT and IT systems.<\/li>\n<\/ul>\n\n\n<style>.kb-image7884_34f7bc-b1 .kb-image-has-overlay:after{opacity:0.3;}<\/style>\n<figure class=\"wp-block-kadence-image kb-image7884_34f7bc-b1 size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"575\" src=\"https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/modbus-1024x575.jpg\" alt=\"\" class=\"kb-img wp-image-7900\" srcset=\"https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/modbus-1024x575.jpg 1024w, https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/modbus-300x168.jpg 300w, https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/modbus-768x431.jpg 768w, https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/modbus-1536x863.jpg 1536w, https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/modbus-2048x1150.jpg 2048w, https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/modbus-18x10.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"gb-headline gb-headline-db08c8fe gb-headline-text\">In a typical Modbus network topology, a SCADA system or control server acts as the master, while multiple field devices-such as PLCs, sensors, meters, and RTUs-function as slaves. Communication is direct and unencrypted, meaning that any device on the network can send or modify data if it has access.<\/p>\n\n\n\n<h3 class=\"gb-headline gb-headline-bf0dd82e gb-headline-text\">The threat: A malicious or infected Modbus device in the network<\/h3>\n\n\n\n<p class=\"gb-headline gb-headline-313e2ca8 gb-headline-text\">Let's consider a scenario where an attacker introduces a rogue Modbus slave device into the network of our ficticious energy provider. This rogue device could be a compromised sensor, meter, or a PLC acting as a slave. Since Modbus does not include authentication or device verification, any device connected to the network can respond to Modbus requests if it knows the expected format.<\/p>\n\n\n\n<h3 class=\"gb-headline gb-headline-2e282d62 gb-headline-text\">How a Rogue Modbus Slave Can Exploit the Network<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Spoofing legitimate devices: The rogue slave could impersonate an existing, trusted device by using its address and responding to requests with falsified data. If the real device is still online, the attacker could race to respond first, feeding operators incorrect readings. Example: A rogue temperature sensor reports normal values, masking an actual overheating issue in a substation.<\/li>\n\n\n\n<li>Flooding the network with fake responses: A rogue slave could continuously respond to Modbus queries, overwhelming the master and making it difficult for legitimate devices to communicate. Example: A malicious device sends thousands of responses per second, causing latency and operational delays.<\/li>\n\n\n\n<li>Passive Data Exfiltration (eavesdropping on queries): Even if the rogue device does not actively send malicious responses, it could passively listen to Modbus requests, learning operational details about the grid. Example: The rogue slave logs all SCADA queries, capturing real-time energy distribution data for industrial espionage.<\/li>\n<\/ol>\n\n\n\n<p class=\"gb-headline gb-headline-a18f9b95 gb-headline-text\">Because Modbus devices inherently trust all network participants, these attacks can go unnoticed unless proper monitoring mechanisms are in place.<\/p>\n\n\n\n<h3 class=\"gb-headline gb-headline-3e3a954e gb-headline-text\">How a SIEM can detect and react to a malicious Modbus device<\/h3>\n\n\n\n<p class=\"gb-headline gb-headline-701a9e9c gb-headline-text\">A Security Information and Event Management (<a href=\"https:\/\/swissmakers.ch\/en\/siem-elasticsearch\/\">SIEM<\/a>) system plays a crucial role in detecting and responding to threats in an OT network. Since Modbus lacks authentication and encryption, a SIEM can act as a second layer of defence, continuously monitoring network activity, tracking devices, and flagging abnormal behaviour.<\/p>\n\n\n\n<h4 class=\"gb-headline gb-headline-5bc4c4f1 gb-headline-text\">Monitoring and inventory of Modbus devices<\/h4>\n\n\n\n<p class=\"gb-headline gb-headline-d409a893 gb-headline-text\">One of the first security measures a SIEM can provide is building an inventory of legitimate devices in the Modbus network. This can be done in two ways:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Passive Monitoring: The SIEM listens to normal Modbus traffic, logging which slave devices respond to requests from the master. If a new, unrecognised Modbus slave suddenly appears in the network, the SIEM can raise an alarm, as this could indicate an unauthorised device.<\/li>\n\n\n\n<li>Active Polling (Inventory Scans): The SIEM can periodically instruct the master to send queries to all possible slave addresses and track their responses. This ensures that only known devices are operating in the network and helps detect unauthorised Modbus slaves in real-time. Additionally, the SIEM can collect device-specific information, such as Modbus function codes supported, register values, and response patterns, helping to identify potential anomalies.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"gb-headline gb-headline-351cbc01 gb-headline-text\">Automated Response &amp; Mitigation<\/h3>\n\n\n\n<p class=\"gb-headline gb-headline-0af2c861 gb-headline-text\">When the SIEM detects a rogue Modbus device, it can trigger various predetermined actions to contain the threat before it escalates:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Isolation of the Rogue Device: If the SIEM detects a new or suspicious Modbus slave, it can instruct a managed switch to block the device's MAC address or shut down the Ethernet port to prevent further communication.<\/li>\n\n\n\n<li>Blocking Unauthorized Modbus Commands: The SIEM can integrate with firewalls or intrusion prevention systems (IPS) to block specific Modbus function codes (e.g., unauthorised WRITE commands to critical registers).<\/li>\n\n\n\n<li>Real-Time Alerts to Security Teams: The SIEM sends high-priority alerts to the Security Operations Centre (SOC), allowing security analysts to manually investigate and confirm the threat.<\/li>\n\n\n\n<li>Correlation with other security events: If a rogue Modbus device also tries to communicate with an external network, the SIEM can correlate this with firewall logs, identifying potential data exfiltration.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"gb-headline gb-headline-09177256 gb-headline-text\">How to retrofit security in a brownfield OT environment<\/h3>\n\n\n\n<p class=\"gb-headline gb-headline-ca5ca463 gb-headline-text\">Securing an existing (<a href=\"https:\/\/en.wikipedia.org\/wiki\/Brownfield_(software_development)\" target=\"_blank\" rel=\"noopener\">brownfield<\/a>) OT environment can be challenging. However, integrating a SIEM system into the OT network can provide real-time visibility, anomaly detection, and automated response without disrupting operations.<\/p>\n\n\n\n<p class=\"gb-headline gb-headline-c98af65e gb-headline-text\">Steps to Improve Security in a brownfield OT network<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Deploy a SIEM System<\/li>\n\n\n\n<li>Ensure the SIEM Access to all OT network segments<\/li>\n\n\n\n<li>Create a device inventory: Leverage the SIEM to passively map out all existing OT devices and their communication patterns. Identify legacy or undocumented devices that could pose security risks.<\/li>\n\n\n\n<li>Monitor network traffic continuously: Establish a baseline of normal Modbus\/OT traffic to detect deviations and anomalies. Track which devices communicate and how frequently to spot unexpected behaviours.<\/li>\n\n\n\n<li>Detect and alert on unauthorized devices or behavior: Raise real-time alerts if a new device appears or if an existing device starts acting abnormally. Flag unexpected function codes, unauthorised write attempts, or anomalous response behaviour.<\/li>\n\n\n\n<li>Automate incident response: Integrate the SIEM with managed switches or firewalls to isolate compromised devices.<\/li>\n<\/ol>\n\n\n\n<p class=\"gb-headline gb-headline-5412c9c3 gb-headline-text\">By following these steps, brownfield OT networks can achieve a higher level of security without requiring a complete infrastructure overhaul.<\/p>\n\n<\/div>\n\n<div class=\"gb-container gb-container-1eecff8c\">\n\n<h2 class=\"gb-headline gb-headline-bdbfbac9 gb-headline-text\">Conclusion<\/h2>\n\n\n\n<p class=\"gb-headline gb-headline-593fe21d gb-headline-text\">Implementing a SIEM system is crucial for securing OT networks in energy infrastructure, especially with the increasing cyber threats targeting Modbus-based systems. A SIEM enables real-time monitoring, anomaly detection, and automated threat response, helping energy providers identify rogue devices, prevent disruptions, and maintain operational integrity.<\/p>\n\n\n\n<p class=\"gb-headline gb-headline-c6919c77 gb-headline-text\">With extensive expertise in SIEM solutions for energy suppliers, Swissmakers offers tailored security monitoring based on Elasticsearch, providing automated analysis and proactive threat detection. Our SOC-lite service ensures continuous SIEM maintenance, alarm analysis, and incident response, allowing energy providers to focus on their core operations while we safeguard their critical infrastructure.<\/p>\n\n<\/div>\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>What is OT and why is it important? Operational technology (OT) refers to the hardware ... <\/p>\n<p class=\"read-more-container\"><a title=\"Challenges in securing OT and critical infrastructure\" class=\"read-more button\" href=\"https:\/\/swissmakers.ch\/en\/securing-ot-modbus\/#more-7884\" aria-label=\"Read more about Challenges in securing OT and critical infrastructure\">Read more<\/a><\/p>","protected":false},"author":12,"featured_media":7906,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","footnotes":""},"categories":[15,16,17],"tags":[],"class_list":["post-7884","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-itsecurity","category-monitoring","category-network","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50"],"taxonomy_info":{"category":[{"value":15,"label":"IT-Security"},{"value":16,"label":"Monitoring"},{"value":17,"label":"Network"}]},"featured_image_src_large":["https:\/\/swissmakers.ch\/wp-content\/uploads\/2025\/03\/Bild-Securing-OT-1200x600-1-1024x512.png",1024,512,true],"author_info":{"display_name":"Enrico Cirignaco","author_link":"https:\/\/swissmakers.ch\/en\/author\/enrico\/"},"comment_info":0,"category_info":[{"term_id":15,"name":"IT-Security","slug":"itsecurity","term_group":0,"term_taxonomy_id":15,"taxonomy":"category","description":"","parent":0,"count":9,"filter":"raw","cat_ID":15,"category_count":9,"category_description":"","cat_name":"IT-Security","category_nicename":"itsecurity","category_parent":0},{"term_id":16,"name":"Monitoring","slug":"monitoring","term_group":0,"term_taxonomy_id":16,"taxonomy":"category","description":"","parent":0,"count":8,"filter":"raw","cat_ID":16,"category_count":8,"category_description":"","cat_name":"Monitoring","category_nicename":"monitoring","category_parent":0},{"term_id":17,"name":"Network","slug":"network","term_group":0,"term_taxonomy_id":17,"taxonomy":"category","description":"","parent":0,"count":6,"filter":"raw","cat_ID":17,"category_count":6,"category_description":"","cat_name":"Network","category_nicename":"network","category_parent":0}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/swissmakers.ch\/en\/wp-json\/wp\/v2\/posts\/7884","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swissmakers.ch\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/swissmakers.ch\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/swissmakers.ch\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/swissmakers.ch\/en\/wp-json\/wp\/v2\/comments?post=7884"}],"version-history":[{"count":9,"href":"https:\/\/swissmakers.ch\/en\/wp-json\/wp\/v2\/posts\/7884\/revisions"}],"predecessor-version":[{"id":7905,"href":"https:\/\/swissmakers.ch\/en\/wp-json\/wp\/v2\/posts\/7884\/revisions\/7905"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swissmakers.ch\/en\/wp-json\/wp\/v2\/media\/7906"}],"wp:attachment":[{"href":"https:\/\/swissmakers.ch\/en\/wp-json\/wp\/v2\/media?parent=7884"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/swissmakers.ch\/en\/wp-json\/wp\/v2\/categories?post=7884"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swissmakers.ch\/en\/wp-json\/wp\/v2\/tags?post=7884"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}