Industrial Cybersecurity

Hyperconnectivity provides tremendous opportunities but increases exposure of equipment and information systems to cyber threats


Industrial cybersecurity relates to industrial information systems. It covers the study of the risks to which they are exposed, and the definition and implementation of technical and organisational measures to reduce these risks to an acceptable residual level. Threat anticipation and vulnerability watch must ensure the lasting effectiveness of these measures as threats and risks evolve.

Industrial Automation and Control Systems (IACS) play a leading role in responding to the strategic challenges of complex industries and infrastructures. Under the influence of technological developments based on digitalization, artificial intelligence and IoT, IACS have undergone profound changes in recent decades. Hyperconnectivity and standardization of communication protocols open up immense possibilities. But they increase the exposure of equipment and systems to the cyber threats that are a daily reality. Increasingly numerous and complex attacks can indeed lead to operating losses, theft of technological information or alteration of sensitive data. In the worst case, the dreaded events can even lead to the destruction of the industrial facility or major industrial accidents.

In this context, the criticality of the functions performed by Industrial Information Systems leads to reassessing the design strategies for these systems' architectures. The same applies to the choice of their components. The governance of engineering, operations and maintenance activities is also affected at each stage of the systems' lifecycle.

National (LPM and ANSSI guides), European (NIS Directive) and international (IEC 62443) standards provide answers to the cybersecurity issues of IACS. They combine approaches derived from information security standards (ISO 27000 series) and reference frameworks specific to IACS such as IEC 61511, which is related to functional safety. These different frameworks provide graduated responses based on risk analysis and defence in depth.

The physical protection of sites must also be taken into consideration. It is part of a global security approach to be deployed in particular among OIVs (Operators of Vital Importance) and OSEs (Essential Service Operators).

201 days to discover a cyber attack, and another 70 days to overcome the damage done. Source: Ponemon Institute

Our approach

Assystem integrates Industrial Automation and Control Systems in the areas of BMS, Safety/Physical Protection and Control systems for the Nuclear, Transport, Defence and Life Sciences sectors. We design and deliver systems that meet cybersecurity requirements. We advise our customers on the vulnerability status of their systems and on measures to improve their cyber-protection.


Our approach is based on risk assessment and extends to Maintenance in Operational Conditions (MOC), which is now inseparable from Maintenance in Security Conditions (MSC). In this way, the IACS fulfil their missions on a permanent basis while also responding to the sustainability issues that are central to these systems.

The objective is to preserve the functions of the concerned IACS: process management, safety functions, air conditioning of a building, protection of people or the environment, electrical distribution, etc.

Our offer comprises 3 parts, delivered according to the project context in the roles of owner's assistance, project management consultancy, design/development, or maintenance:

  • Assess the risks, specify the appropriate measures, validate the effectiveness of measures in place or monitor their implementation supported by other actors. This approach covers, for example, support for security accreditation (e.g. in the French LPM context), which consists, throughout a project, in ensuring that the systems developed are properly designed and documented, and that the activities for operating and maintaining them lead to an acceptable level of residual risk.
  • Design / implementation of industrial systems (new projects or renovations) that must incorporate cybersecurity. In this case, the consideration of cybersecurity is coupled with our “traditional” systems integration activities.
  • Maintenance / MOC of systems, coupled with MSC, which helps to maintain the effectiveness of the measures over time (monitoring, patch management, awareness, etc.).

Our assets

Historical expertise in OT fields

Dual positioning as Engineer and Integrator/Maintainer

Multiple-sector expertise

Independent from technology

Our solutions


Initial risk assessment

Mapping, Classification, Preliminary and Detailed Risk Analyses, Combined Approaches


Risk Treatment Plan

Specification of Technical and Organizational Measures, Cyber Roadmaps, Documentation


Monitoring the deployment of measures

Support for security accreditation (LPM), Audits, Residual risk characterisation


Secure IACS design and implementation (new projects and renovation)

PLC/DCS network architectures, secure SCADA, technical measures (filtering, authentication, encryption, detection, etc.) and organisational measures (training, O&M procedures, etc.)



Maintenance in operational conditions, Sustainability engineering, Obsolescence and vulnerability monitoring, Patch management (CVSS databases), Stakeholder awareness, Risk reassessment, etc.


Vulnerability Management

Expert talks

Security of sensitive infrastructures: from physical protection to cybersecurity

"There are real issues in securing the OT part, which requires business process skills along with expertise in cybersecurity."
Michel DRAN
Security and Control activities development Manager
