Industrial systems audits
Industrial systems cybersecurity
The architectures of industrial systems have undergone major transformations in recent decades. They are now highly computerized and interconnected with traditional information systems (industry 3.0), and even with the Internet (industry 4.0). While functional security (or safety) is a well-documented issue, industrial systems are now exposed to the same cyber threats as traditional information systems.
- Organizational security measures:
  - Statements relating to the employment context (chain of responsibility in particular)
  - Verification of physical, logical and application mapping
  - Backup plan
  - Document management
  - Analysis of the design and specification phases
- Technical security measures:
  - Account management and authentication
  - Partitioning of industrial systems
  - Protocol security
  - Hardening of configurations
  - Active vulnerability watch process and maintenance of a configuration repository on industrial system components
  - Mobile equipment management
  - Security of terminals and workstations
  - Industrial system monitoring
To complement the previous actions, intrusion tests on industrial systems help teams that would normally consider themselves 'not concerned' to integrate cybersecurity into an industrial environment.

After a reconnaissance phase on the industrial system and the discovery of active equipment (tcpdump probe, passive and active ARP scans, etc.) and services (TCP and UDP scans, etc.), the Synetis auditor identifies the key components of the industrial system, such as industrial controllers of RTU or PLC type, control systems (SCADA), supervision and control systems, etc.

Lastly, before the manual testing phase, the auditor checks for the presence of vulnerabilities using a vulnerability scanning solution and plugins categorized for SCADA. Other aspects can also be covered, such as the search for default passwords in use, the identification of access accounts from the HTTP service of certain PLCs, etc.
The vulnerabilities generally identified on industrial information systems are:
- Lack of management of security patches and hardware obsolescence; lack of monitoring of vulnerabilities and threats
- Insufficient or incomplete password policies; lack of account management and authentication
- Absence of a management policy for connection interfaces (e.g. USB ports), remote access, etc.
- Use of uncontrolled mobile terminals
- Uncontrolled mapping (or even absence of configuration control or of secure configurations)
- The use of vulnerable equipment and/or protocols
- Deficiencies in physical access control, partitioning and remote maintenance
- Insufficient supervision of cybersecurity events (logging of security events often limited and infrequently exploited)
- Etc.