Cybersecurity of industrial systems
The architectures of industrial systems have undergone major transformations in recent decades. Today, they are highly computerized and interconnected with conventional information systems (industry 3.0), and even with the Internet (industry 4.0). While functional safety is a well-established issue, industrial systems are now exposed to the same cyber threats as conventional information systems.
The consequences, however, can be dramatic: pipeline ruptures, water pollution, tramway derailments, sabotage of a nuclear reactor, and so on.
It has become necessary to support industrial stakeholders and to raise awareness of cybersecurity risks among a population that may not be well informed about them. In this context, the information systems security (SSI) audit is an effective way of assessing the level of security of an industrial system and its associated control devices. Industrial systems are based on IT technologies (control systems), but also on non-standard components (PLCs), with a high risk of compromising availability.
When it comes to auditing industrial systems, Synetis takes a global, structured and pragmatic approach. It takes into account the organizational and technical constraints of your production environment (sensitivity of equipment, diversity of entry points, partitioning of industrial networks, specificity of technologies, obsolescence management), and in particular verifies both organizational and technical security measures, as well as the exposure of industrial networks to the risks of cyber intrusion.
Faced with potential industrial risks, Synetis uses the ANSSI guides relating to the cybersecurity of industrial systems. In its approach, Synetis focuses on the following points (non-exhaustive list):
- Statements concerning the context of use (chain of responsibility in particular);
- Verification of physical, logical and application mapping;
- Backup plan;
- Document management;
- Analysis of design and specification phases;
- Account and authentication management;
- Partitioning industrial systems;
- Protocol security;
- Hardening of configurations;
- Active monitoring of vulnerabilities and maintenance of a configuration repository for industrial system components;
- Mobile equipment management;
- Console, station and substation safety;
- Industrial system monitoring.
To complete the previous work, intrusion tests on industrial systems help teams whose core job is not cybersecurity to integrate cyber concerns into the industrial environment. After a reconnaissance phase on the industrial system and the discovery of active equipment (tcpdump probe, passive and active ARP scans, etc.) and services (TCP and UDP scans, etc.), the Synetis auditor seeks to identify the key components of the industrial system, such as programmable controllers of the RTU or PLC type, control systems (SCADA), supervision and control systems, etc. Finally, before the manual testing phase, the auditor checks for vulnerabilities using a vulnerability scanning solution and plugins categorized for SCADA. Other aspects can also be addressed, such as checking for the use of default passwords, identifying access accounts from the HTTP service of certain PLCs, etc.
The vulnerabilities generally identified on industrial information systems are:
- Lack of management of security patches, hardware obsolescence, monitoring of vulnerabilities and threats;
- Insufficient or incomplete password policies, lack of account management and authentication;
- The absence of a management policy for connection interfaces (USB port for example), remote access;
- The use of uncontrolled mobile devices;
- Uncontrolled mapping, or even the absence of configuration control or of secured configurations;
- The use of vulnerable equipment and/or protocols;
- A lack of physical access control, partitioning, remote maintenance;
- Insufficient supervision of cybersecurity events (logging of security events is often limited and not fully exploited).