Cybersecurity of Smart Grids for an energy provider
Offer
Industrial cybersecurity relates to industrial information systems. It covers everything involved in studying the risks to which they are exposed and in defining and implementing measures (technical and organisational) to reduce these risks to an acceptable residual level. Threat anticipation and vulnerability watch must ensure the lasting effectiveness of these measures in response to evolving threats and risks.
Industrial Automation and Control Systems (IACS) play a leading role in responding to the strategic challenges of complex industries and infrastructures. Under the influence of technological developments based on digitalization, artificial intelligence and IoT, IACS have undergone profound changes in recent decades. Hyperconnectivity and standardization of communication protocols open up immense possibilities. But they increase the exposure of equipment and systems to the cyber threats that are a daily reality. Increasingly numerous and complex attacks can indeed lead to operating losses, theft of technological information or alteration of sensitive data. In the worst case, the dreaded events can even lead to the destruction of the industrial facility or major industrial accidents.
In this context, the criticality of the functions performed by Industrial Information Systems leads to reassessing the design strategies of these systems' architectures. The same applies to the choice of their components. The governance of engineering, operations and maintenance activities is also affected at each stage of the systems' lifecycle.
National (LPM and ANSSI Guides), European (NIS Directive) and international (IEC 62443 standard) frameworks provide answers to the cybersecurity issues of IACS. They combine approaches derived from information security standards (ISO 27000 series) and reference systems specific to IACS such as IEC 61511, which is related to functional safety. These different frameworks provide gradual responses based on risk analysis and defence in depth.
The physical protection of sites must also be taken into consideration. It is part of a global security approach to be deployed in particular among OIVs (Operators of Vital Importance) and OSEs (Essential Service Operators).
Assystem integrates Industrial Automation and Control Systems in the areas of BMS, Safety/Physical Protection and Control systems for the Nuclear, Transport, Defence and Life Sciences sectors. We design and deliver systems that meet cybersecurity requirements. We advise our customers on the vulnerability status of their systems and on measures to improve their cyber-protection.
Our approach is based on risk assessment and extends to Maintenance in Operational Conditions (MOC), which is now inseparable from Maintenance in Security Conditions (MSC). In this way, the IACS can fulfil their missions on a permanent basis while also responding to the sustainability issues that are central to these systems.
The objective is to preserve the functions of the concerned IACS: process management, safety functions, air conditioning of a building, protection of people or the environment, electrical distribution, etc.
Our offer is summarized in 3 parts, developed according to the project context, in roles of assistance to the owner, project management consultancy, design/development, or maintenance:
Historical expertise in OT fields
Dual Positioning of Engineer and Integrator/Maintainer
Multiple-sector expertise
Independent from technology
Mapping, Classification, Preliminary and Detailed Risk Analyses, Combined Approaches
Specification of Technical and Organizational Measures, Cyber Roadmaps, Documentation
Support for security accreditation (LPM), Audits, Residual risk characterisation
PLC/DCS network architectures, secure SCADA, technical measures (filtration, authentication, encryption, detection, etc.) and organisational measures (training, O&M procedures, etc.)
Maintenance in operational conditions, Sustainability engineering, Obsolescence and vulnerability monitoring, Patch management (CVSS databases), Stakeholder awareness, Risk reassessment, etc.
Expert talks
"There are real issues in securing the OT part, which requires business process skills along with expertise in cybersecurity."