In the industrial sector, everyone is now talking about cybersecurity issue. But is it really a new issue?
Marc Baudin: New? Certainly not, cybersecurity issues have always existed in the IT world. But we note that methods of responding to these issues changed over time. For exemple, an "air gap" or "air wall" was previously set up to secure an industrial network. The technical network was then completely independent of other external networks and was in fact secure.
But increasingly interconnections with this network have been created to ensure continuity of service and to meet new needs, such as: convergence of installations, industrial monitoring, the need for report generation, remote maintenance, remote surveillance, etc. This has resulted in an increase in the number of openings and, consequently, potential security breaches on the network.
Julien Bennet: Lightly monitored by IT departments, technical networks have been opened up in response to the demands of manufacturers seeking performance and operational efficiency. Nevertheless, over the last ten years, there has been a real increase in awareness and therefore a rise in the importance of cybersecurity issues. Network security became a priority. It was at this point that we received the first requests concerning secure communication protocols, for example SNMP v3 or more recently OPC UA.
Where do industrial players stand in securing their networks and what strategy should they adopt?
Marc Baudin: Today, one of the problems faced by manufacturers is the renewal of existing installations, especially the cost and time involved. The large majority of equipment and materials in service do not have a secure communication protocol.
Julien Bennet: The security strategy then consists of putting these installations in secure "boxes". This method is totally reliable and allows connections to be secured with encryption devices. The data in transit is thus rendered unreadable and unalterable.
To go further, even if all the technical installations and equipments are renewed and therefore natively secure, it is still essential to continue to partition and limit access to the network. The attack surface must be reduced and user access rights must be limited as much as possible to guarantee a high level of security.
Several cyber attacks in France and abroad have made a lot of noise recently. What is your point of view on this and what are AREAL's recommendations ?
Marc Baudin: In the latest attacks we have seen, some of the fundamental rules of cybersecurity were not respected: no monitoring, passwords known by everyone, remote control software left permanently active, etc. At AREAL, we are committed to always advising our customers in order to ensure the best performance of their installations and their security. We carefully follow the ANSSI's advice and encourage our customers to do the same.
Julien Bennet: Cybersecurity is a constant battle. Depending on the structure, it may require a person or a team specialising in the subject to be permanently mobilised in order to check the machines and equipments installed, to raise awareness among new recruits and to ensure that the departure of certain employees does not create vulnerabilities.
Comprehensive monitoring of equipment ensures that the system meets security objectives, protects against attacks of all types and, if an attack does occur, enables a rapid response to limit its scope.
Supervision solution and cybersecurity: how does AREAL act at its scale?
Marc Baudin: As a software publisher, we owe our customers reliable software in terms of both functionality and security. We ensure a monitoring process to react to the detection of flaws in third-party libraries and we have a development process that takes security into account. We act on the architecture of Topkapi to meet functional needs while ensuring optimal security. Our software platform includes, for example, a wide range of secure native protocols. In addition, we work on securing internal communications, partitioning access rights, information traceability, all the subjects listed by the ANSSI.
Julien Bennet: Cybersecurity is also an internal issue, and all employees are trained in good cybersecurity practices. We follow the work carried out by the ANSSI and our support and development teams are in a process of continuous training on this subject. Even during support operations via a handover, for example, we guarantee our customers that the security of their system will not be altered. We are currently in the process of obtaining CSPN certification (Certification de Sécurité de Premier Niveau, also known as "Visa de Sécurité de l'ANSSI") and have our installations audited by a specialist firm. For us, as for our customers, cybersecurity is a priority.