While functional safety (or security) is a problem that is currently rather well mastered, industrial systems are exposed to the same cyber threats as conventional information systems. Supporting the players in the industrial world has therefore become a necessity today.

It should be noted that industrial systems are based on IT technologies (control systems) but also on non-standard components (PLCs). The first problem is that, in an operational context, an industrial information system can be deployed for 30 years, 50 years. The vulnerabilities generally identified on industrial IS are :

• Lack of management of security patches, hardware obsolescence, monitoring of vulnerabilities and threats;
• Insufficient or incomplete password policies, lack of account management and authentication ;
• The absence of a management policy for connection interfaces (USB port for example), remote access ;
• The use of uncontrolled nomadic terminals ;
• An uncontrolled cartography or even the absence of control of the configuration or the absence of secured configurations ;
• The use of vulnerable equipment and/or protocols ;
• A lack of physical access control, partitioning, remote maintenance ;
• Insufficient supervision of cybersecurity events (logging of security events often limited and little exploited) ;
• Etc.

Synetis is able to assist you in carrying out a security audit (with an ad hoc method) which is an effective means of assessing the security level of an industrial system and the associated control devices. Finally, in terms of securing your industrial system, Synetis is able to support you on organizational as well as technical/operational aspects (deployment of secure configurations, hardening of equipment, etc.).