Cybersecurity of industrial systems
Industrial system architectures have undergone major transformations in recent decades. Today, they are highly computerized and interconnected with traditional information systems (industry 3.0), and even with the Internet (industry 4.0). While functional security (or safety) is a well-mastered issue, industrial systems are now exposed to the same cyber threats as traditional information systems.
The consequences, however, can be dramatic: pipeline rupture, water pollution, tramway derailment, sabotage of a nuclear reactor, etc.
Supporting industrial actors has become a necessity in order to raise awareness of cybersecurity risks among a potentially unaware population. In this respect, an information systems security (SSI) audit is an efficient way to evaluate the security level of an industrial system and its associated control devices. Industrial systems rely on IT technologies (control systems) but also on non-standard components (PLCs), which carry a high availability risk.
In carrying out industrial system audits, Synetis uses a global, structured and pragmatic approach that takes into account the organizational and technical constraints of your production environment (equipment sensitivity, diversity of entry points, partitioning of industrial networks, specificity of technologies, management of obsolescence). The approach focuses in particular on verifying both organizational and technical security measures, as well as the exposure of industrial networks to the risks of cyber intrusion.
Synetis uses the ANSSI guides relating to the cybersecurity of industrial systems to address potential industrial risks. In its approach, Synetis checks the following points (non-exhaustive list):
- Statements about the employment context (including chain of custody);
- Physical, logical and application mapping verification;
- Backup Plan;
- Document management;
- Analysis of the design and specification phases.
- Account and Authentication Management;
- Industrial system partitioning;
- Protocol Security;
- Hardening of configurations;
- Active monitoring process on vulnerabilities and maintenance of a configuration repository on industrial system components;
- Mobile equipment management;
- Safety of consoles, stations and posts.
- Industrial system monitoring.
- Lack of management of security patches, hardware obsolescence, monitoring of vulnerabilities and threats;
- Inadequate or incomplete password policies, lack of account management and authentication;
- The absence of a policy for managing connection interfaces (e.g. USB ports) and remote access;
- The use of uncontrolled mobile terminals;
- Uncontrolled mapping or even the absence of configuration control or the absence of secure configurations;
- Use of vulnerable equipment and/or protocols;
- A lack of physical access control, partitioning, remote maintenance;
- Insufficient supervision of cybersecurity events (logging of security events often limited and not fully exploited).