Industrial systems audits

Industrial systems cybersecurity

The architectures of industrial systems have undergone major transformations in recent decades. They are now highly computerized and interconnected with traditional information systems (industry 3.0), and even with the Internet (industry 4.0). While functional security (or safety) is a well-documented issue, industrial systems are now exposed to the same cyber threats as traditional information systems.

The consequences, however, can be dramatic: ruptured pipelines, water pollution, streetcar derailment, nuclear reactor sabotage, etc. It has become necessary to support players in the industrial world and to raise awareness of cybersecurity risks among a potentially uninformed population. In this sense, an ISS audit is an effective way of assessing the security level of an industrial system and its associated control systems.

Industrial systems are based on IT technologies (control systems) but also on non-standard components (PLCs) whose availability is considered to be at high risk. When auditing industrial systems, Synetis follows a global, structured and pragmatic approach that takes into account the organizational and technical constraints of your production environment (equipment sensitivity, diversity of entry points, partitioning of industrial networks, specificity of technologies, obsolescence management). The audit focuses in particular on verifying both organizational and technical security measures, as well as the exposure of industrial networks to the risk of cyber intrusion.

To address potential industrial risks, Synetis uses the ANSSI guides on the cybersecurity of industrial systems. In its approach, Synetis checks the following points (non-exhaustive list):
  • Organizational security measures:
      • Statements relating to the employment context (chain of responsibility in particular)
      • Verification of physical, logical and application mapping
      • Backup plan
      • Document management
      • Analysis of the design and specification phases
  • Technical security measures:
      • Account management and authentication
      • Partitioning of industrial systems
      • Protocol security
      • Hardening of configurations
      • Active vulnerability watch process and maintenance of a configuration repository on industrial system components
      • Mobile equipment management
      • Security of terminals and workstations
      • Industrial system monitoring

To complement the previous actions, intrusion tests on industrial systems help teams that would normally consider themselves "not concerned" to integrate cybersecurity into the industrial environment. After a reconnaissance phase covering the industrial system and the discovery of active equipment (tcpdump probe, passive and active ARP scans, etc.) and services (TCP and UDP scans, etc.), the Synetis auditor identifies the key components of the industrial system, such as industrial programmable logic controllers of RTU or PLC type, control systems (SCADA), supervision and control systems, etc. Lastly, before the manual testing phase, the auditor checks for vulnerabilities using a vulnerability scanning solution and categorized SCADA plugins. Other aspects can also be covered, such as searching for default passwords, identifying access accounts from the HTTP service of certain PLCs, etc.

The vulnerabilities generally identified on industrial information systems are:

  • Lack of security patch management, of hardware obsolescence management, and of vulnerability and threat monitoring
  • Insufficient or incomplete password policies; lack of account management and authentication
  • Absence of a management policy for connection interfaces (e.g. USB ports), remote access, etc.
  • Use of uncontrolled mobile terminals
  • Uncontrolled mapping (or even no configuration control or no secure configurations)
  • The use of vulnerable equipment and/or protocols
  • Deficiencies in physical access control, partitioning and remote maintenance
  • Insufficient supervision of cybersecurity events (logging of security events is often limited and rarely reviewed)
  • Etc.
