Illegal access to an industrial system.... it happens.
For sure, cybersecurity is a matter of key concern for conventional information systems (also called conventional IS). But one should not forget about industrial systems. Indeed, industrial systems architectures are nowadays highly computerized and interconnected with conventional information systems (industry 3.0) and even with the Internet (industry 4.0).
While functional security (or safety) is a problem that is currently rather well mastered, industrial systems are exposed to the same cyber threats as traditional information systems. Supporting firms in the industrial world has therefore become a necessity today.
It should be noted that industrial systems are based on IT technologies (control systems) but also on non-standard components (PLCs). The first problem is that, in an operational context, an industrial information system can be deployed for 30 years, perhaps even 50 years. The vulnerabilities generally identified in industrial information systems are:
Poor management of security patches, hardware obsolescence, insufficient monitoring of vulnerabilities and threats;
- Insufficient or incomplete password policies, poor account management and authentication;
- Poor management policy for connection interfaces (USB port for example), remote access;
- Nomadic terminals over which there is scant to no control;
- System Mapping and System Configs over which there is scant to no control, as well as configurations that are not secure.
- Vulnerable hardware and/or protocols in operation inside the industrial information system;
- A lack of physical access control, partitioning, remote maintenance;
- Insufficient supervision of cybersecurity events (logging of security events often limited and little exploited);
Synetis can prepare a Security Audit, based on a method tailored to your needs; this is an efficient way to evaluate the security level of an industrial system and the associated control devices. Last but not least, in terms of securing your industrial system, Synetis can work with you on the organizational, technical and operational aspects (deployment of secure configurations, hardening of equipment, etc.).