Cybersecurity of industrial systems has become a real concern and initiatives are proliferating. Unprepared companies find themselves unarmed in the face of this new threat.
The issue is even more complex as industrial systems are not designed in this context and are not just about them, but also include tertiary systems described later.
These new problems seem to be strongly linked to information and communication technologies (ICT). A few questions come to mind at this point:
So should we turn to less computerized management of installations? Which approach should be adopted? (Having a safety or cybersecurity approach) What are the common security vulnerabilities? Why not see cybersecurity as an opportunity, performance and cost reduction factor?
What is hidden behind this mysterious name of industrial systems or, in other words, Industrial Control System (ICS)?
Specifies a set of computerized and automated tools (SCADA, PLC, SIS, RTU, SNCC and other well-known abbreviations, etc.) that provide control and management of industrial processes.
Industry, transportation, health, water treatment and many other sectors use them. Users, equipment manufacturers, integrators and consulting firms involved in ICS are beginning to become timidly aware of cybersecurity.
The risk of increasing the security of their facilities or becoming a victim of major incidents, which is vital to their operations, is gradually being realized.
This safety awareness has not yet started in the field of Technical Building Management (BMS), whose purpose is to control tertiary systems such as ventilation, air conditioning and heating. But BMS should integrate cybersecurity like ICS.
While these areas of application are different, the technologies used are similar and the actors usually belong to a business unit with respect to the one responsible for ICS.
This ecosystem has grown even more recently with the emergence of what might be called Smart Systems, which expands ICS and BMS technologies to a city, region or country scale.
While ICS and GTB have to deal with cybersecurity in installations not designed for this, Smart Systems will grow out of this new anxiety of having to face this scourge of the 21st century.
Cyber Security Issues for ICS, BMS and Smart Systems
Whether we consider ICS, BMS or Smart-Systems, the purpose of cybersecurity is common.
Dealing with malicious intent risks arising from individuals or groups who use vulnerabilities in computerized and automated systems to harm (discredit, sabotage).
Attackers can come from a wide variety of backgrounds and launch their attacks from multiple locations, including the facilities themselves.
From corrupt employees to ideological, government or terrorist organizations, the motivations of the attackers are multiple (revenge, ideology, rivalry, challenge, etc.). Cybersecurity issues often seem abstract and distant for the GTB family.
The Relationship Between Security and Cybersecurity
Failures due to equipment failure are well known and are already causing incidents. Reliability experts (SDF) know the subject. So where is the innovation?
While statistical analysis and backup techniques used in SDF are effective ways to deal with risks of equipment failure, they do not cover cyberattack risks.
While it is unlikely that two redundant systems will fail at the same time, an attacker might want to take control of both systems at the same time, if possible.
It is easy for an attacker to repeatedly repeat malicious commands on a large number of systems and mislead users with false information.
In addition, unlike the SDG, threats in the cyber world are developing rapidly. Vulnerabilities in products and technologies are detected daily.
The cyber attacker's tools are becoming more effective and accessible to an increasing number of individuals.
This dichotomy between the world of homelessness and cybersecurity is a brake. Changing thought patterns is difficult. However, it is urgent to succeed in dividing these two worlds.
Security standards must be tailored to take cybersecurity into account and prevent the integrity of the Security Instrumented Systems (SIS) that protect people's lives from being challenged by a computer attack.