Cyber security: what are the risks and how can we protect ourselves?

Computerized and interconnected, industrial systems are increasingly exposed to cyberattacks. What are the risks and how to develop an effective cybersecurity strategy to protect yourself? Vincent Nicaise, Industrial Partnership and Ecosystem Manager at the cybersecurity software publisher Stormshield , discusses these key issues.

Computer attacks, the pressure is mounting

A cyberattack harms a computer system for political or criminal purposes or to harm the business of the target. Ransomware, or ransomware, is malicious software that encrypts the contents of a computer or server. Attackers demand ransom payment to provide decryption key. “ A ransomware-type cyberattack can be introduced by a simple fishing attempt (or phishing) on a PC : an employee clicks on a corrupted link and all of the workstations are then affected. There are other types of attacks, but ransomware is the one that has grown the most in recent years,” explains Vincent Nicaise.

If the Internet is a major vector of risk, attackers can also go through subcontracting companies to reach several industries. One certainty: the number of computer attacks is on the rise. According to the "Panorama of the IT threat 2021 " of the National Agency for the Security of Information Systems (ANSSI), intrusions into information systems increased by 37% in 2021 compared to 2020. The digitization of the industry sector contributes significantly to the sharp rise in cyber risk.

“ At one time, some factories were isolated. They are now interconnected to improve performance, which makes them more vulnerable. We are also seeing a professionalization of cyberattackers. Each offensive consists of several stages and previously only one group could carry out the operation. Today, cybercriminals specialize in service providers and offer their skills on one or more stages of the attack”, specifies Vincent Nicaise.

The diversity of the risks incurred

The risks of a cyberattack are of different orders. The intrusion of office networks is the cause of several damages: theft of data, loss of turnover, engagement of the civil liability of the manager. In addition to these general risks, others apply exclusively to industrial environments:

·          Material damage: "In the case of a cement plant, the kiln used is designed to operate in high temperature ranges, but if use becomes out of the ordinary, the impact on the material can be disastrous", emphasizes Vincent Nicaise.

·          Bodily injury: “ Let us cite the example of a takeover of a railway track switch which could allow a collision of trains”.

·          Environmental impact: “ In a wastewater treatment plant, the discharge of wastewater into a river or a park may involve pollution of the natural environment . »

Thus, by harming the activity of an industry, a cyberattack can generate damage for an entire population or geographic sector. “ The digital environment is today a theater of war in the same way as the land, the air or the sea, analyzes Vincent Nicaise. Historically, this threat was centered on critical infrastructures, i.e. ministries, defence, operators of essential services (transport, energy, water, etc.) , operators of vital importance whose unavailability would threaten the security or survival of the nation . Since the global "WannaCry" ransomware attack in 2017, we can see that all industrial environments are now targeted. The motivation is no longer political but also and above all criminal ”.

Deploy cybersecurity to protect yourself

Faced with the growing risk of computer attacks, manufacturers are taking up the subject and implementing cybersecurity strategies. “ The first imperative is to carry out a risk analysis to identify the dangers and their probabilities of occurrence. Then, it is important to carry out a mapping of the industrial network to ensure that you know and control the entire network to be protected. Once these steps have been completed, cybersecurity solutions should be put in place to protect the network according to the identified risks. In the case of an industrialist with several factories around the world, we could, for example, choose to secure a particularly critical site and then extend the system to others ,” explains Vincent Nicaise.

Software publishers specializing in computer security offer solutions for the various fields of activity. “Firewalls make it possible, for example, to secure exchanges between IT and OT or even to segment networks which are for the most part “flat” and where all equipment can communicate with each other without restriction” . A workstation can also be protected in order to avoid any encryption or the insertion of malware by a USB key, for example. The solution to be implemented is above all technical, but software alone will not be able to secure an entire computer network. " The plurality of complementary solutions is necessary and this also involves setting up a clearly defined process and organization. All industrial sites can be secured, even if they are 20 or 30 years old ”.

Invest in a suitable strategy

Awareness of cybersecurity best practices, for internal teams but also for subcontractors, is crucial to limit as much as possible the flaws allowing attackers to infiltrate a system. “ Companies rely on information systems security managers (RSSI) . The role of these experts now extends to industrial environments. However, the design, operation and operation of these systems are very different. These networks are very often located in constrained environments (tunnel, quarry, building, etc.) , in factories that run 24/7, with automatons sometimes designed more than 10 or 20 years ago and devoid of any mechanism safety" , explains Vincent Nicaise.

To protect themselves, some groups create positions dedicated to industrial cybersecurity. In other cases, we are witnessing an increase in the skills of the RSSI or the automation engineers in charge of the plants. The answers can therefore be multiple, adapted to each industrial environment, but the establishment of an organization dedicated to the challenges of cybersecurity, the deployment of technical means and the respect of good practices are required.

The National Information Systems Security Agency (ANSSI) recommends dedicating at least 5% of the IT budget to cybersecurity. “ The level of maturity of manufacturers is increasing but the investments are not always sufficient. Unlocking budgets dedicated to cybersecurity is nevertheless necessary. It does not make it possible to produce faster, but in the event of an attack, it avoids a production stoppage, real damage and costs ,” concludes Vincent Nicaise.