The objective of cybersecurity is to analyse system vulnerabilities (hardware, software, procedures, human factors) in order to implement measures to limit them and bein a position to safeguard the continuity of core business functions to an acceptable extent.
There are no ideal or “one-size-fits-all” solutions. Each system has its own unique characteristics and risks that need to be analysed in order to implement suitable solutions whilst limiting the impacts on the core activity of the company.
Our target is to assess the cybersecurity of industrial control systems. Although specific to each facility, ICSs are in most cases made up of the following components:
ICSs currently make abundant use of information technologies, but they were not designed to deal with threats that the latter present.
There are now numerous examples of published ICS vulnerabilities (for example, concerning Modbus and OPC protocols).This is why they need to be included in general assessment on the security of company information systems.
Securing a system entails costs that are often difficult to calculate. Nevertheless, this securing process will protect company investments and production. This is why it is important to define the right objectives and adapt these to requirements.
As the General Security Guidelines (French acronym “RGS”) indicates, it is built upon four pillars that are essential for the good functioning of ICSs:
The Benefits from Digitalization are Great – Security Must Keep Pace
It is with growing concern that hackers are increasingly targeting operational technology (OT), essential for availability, production and safety of critical infrastructure. Attacks against OT have ballooned from 5% to 30% in the last few years. Energy companies make up a majority of these attacks – a spike driven by aging assets, outdated security practices and increased connectivity.
The attached provides a high-level overview of both the benefits and challenges from digitalization in the energy sector. This study covers topics such as: