
Cybersecurity Services (France)

Features
Risk Analysis
Risk analysis is a mandatory step in any security initiative. Schneider Electric experts use ANSSI's EBIOS risk analysis and security requirements methodology, adapting it to the industrial environment.
Goal
The purpose of this service is to assess the risks you face while operating your automation system.
This risk assessment makes it possible to:
• Identify and evaluate all cyber risks to your process
• Define the corrective actions
• Prioritize these actions and define action plans
In your specific context, the risk assessment will allow you to:
• Decide which actions to take or not, and justify your choices. For example, not deploying a measure, or postponing its deployment, even where this deviates from your reference framework, could be justified when the measure costs more than the estimated cost of accepting the risk
• Define priorities in the deployment of measures
Methodology
The methodology used is based on:
• The EBIOS methodology (Expression of Needs and Identification of Security Objectives), proven in the field and recommended by ANSSI (the French National Agency for the Security of Information Systems)
• Schneider Electric's experience and knowledge of your business and of the technologies implemented in automation systems.
Compliance audit of industrial networks and SCADA
How do you know the security level of the configurations deployed on the industrial equipment? By performing a compliance audit against the selected reference framework (ANSSI, IEC 62443, to name a few).
Automation part
Configuration audit
Analysis of the programs with a detailed study of inter-PLC communications, reconstruction of the map of flows exchanged on the industrial network, analysis of processor load and quantification of reserves, and recommendations to reduce the communication resources used and thus avoid connection errors and disturbances on the industrial network.
Security audit
Analysis of the implementation of Cybersecurity functions available in the PLC range concerned, recommendations of the functions to be implemented, analysis of the exposure to the vulnerabilities discovered and proposal for a corrective action plan.
Industrial network part
Network architecture audit
Analysis of the configuration of network equipment (switches, routers) according to the redundancy protocol selected, analysis of equipment logs, and flow measurement at various strategic points of the network to analyze bandwidth and any communication errors.
Security audit
Analysis of the configuration of network equipment from a security point of view, for example by verifying the following points:
• Passwords and login
• Active services
• Use of ports and their activation / deactivation
• Network segmentation
• SNMP version implemented
Network Audit
How do you deploy security on a network that is malfunctioning? Schneider Electric relies on RFC 2544 to acceptance-test your Ethernet network and provide you with manufacturer validation.
Inventory and mapping of equipment
• Inventory of equipment
• List of references of equipment and their software versions
• Network topology
Stream capture & analysis
• Flow Identification: Flow Matrix
• Detection of faulty or incorrectly configured equipment
• Measurement of bandwidth and percentage of network usage
• Protocol analysis of flows
• Identification of the equipment that communicates the most
• Highlighting equipment at the limits of its capabilities
• Optimization of exchanges
Physical audit
• Deployed hardware (obsolescence, manufacturer support, compatibility)
• State of the wiring (copper, fibre optic)
• Compliance with the diagram / architecture / identification of active and passive equipment
• Optical power
Configuration audit
• Configuration of the network parameters (compliance with the IP addressing plan, VLAN)
• Flow management
• Redundancy management
• Diagnosis (Syslog, SNMP, network administration)
• Time synchronization
Performance certification
• Dynamic tests of the target maximum allowable load level
• Recovery measurement for redundant elements
• Implementation of the RFC2544 test protocol with expert certification tools
Security audit
• Authentication management
• Active services
• Network Segmentation / Flow Control
• Log monitoring / network administration
• Firmware version of the equipment (version level, homogeneity, identified faults)
SNi40 Industrial Firewall
As an industrial firewall qualified by ANSSI, the SNi40 is the solution chosen by Schneider Electric to secure IT / OT interconnections. Adapted to industrial constraints, this high-performance firewall can also be positioned as close as possible to PLCs.
The SNi40 Firewall for Industrial Ethernet Networks is a security device designed to protect industrial networks, automation systems, SCADA systems and processes against external cyber attacks.
The SNi40 Firewall provides custom protection for the installed base and for new installations requiring increased security and availability. It delineates secure zones within an overall system.
The SNi40 firewall includes the following features:
• Application firewall: allows you to create rules that identify which devices are allowed to communicate using the TCP-Modbus protocol and manages the filtering of Modbus and UMAS requests
• Router: Routes packets from one network interface to another
• Bridge mode (transparent)
• VPN: Secure management of flows (IPSEC, SSL)
• Event Logging: Maintains a log file of security events and allows local or remote access to this log
• High availability in redundant architecture
• Authentication management
Industrial Privileged Access Management (i-PAM)
Do you want to control your remote access and trace all the operations performed on your industrial system? The i-PAM solution is what you need! The i-PAM offer protects the privileged accounts of industrial control systems (ICS) and SCADA systems and traces access between control and command systems, IT environments, the Internet and remote users. Based on WALLIX Bastion technology, the i-PAM offering is available as industrial appliances resistant to heat, vibration or water.
i-PAM makes it possible to:
• Optimize configuration with auto-discovery of all Windows and Linux privileged accounts
• Control and protect access to equipment, PLCs and fieldbuses: management of identifiers, connection approval on certain equipment and according to certain frequencies
• Apply a granular connection policy for internal and external users
• Secure and manage the automatic rotation of passwords and SSH keys, especially those of remote users of the industrial control system (ICS)
• Isolate critical systems by controlling access to jump servers
• Alert the IT department, operational technology managers and the security team in real time, to detect, respond automatically to and halt the progression of an ongoing attack, thereby minimizing disruption and possible damage to the business
• Trace and record connections, and benefit from real-time auditing and complete reporting
CyberTec Secure Maintenance Console
As a true all-terrain maintenance PC, CyberTec allows operators to maintain installations safely.
CyberTec is a programming and maintenance console whose operating system has been secured, in accordance with the CIS guide and the ANSSI security guide, in order to resist cyber-threats.
BIOS security
• Boot only on the hard drive
• TPM option enabled
• Secure boot / UEFI
User Policy
Policies for device access, application execution, updates and so on are applied dynamically according to the authenticated user. The everyday user has only the rights needed for day-to-day work.
Executable control
Only whitelisted applications can run, and files and executables are controlled.
Device Control
• Disabling of devices: Bluetooth, Wi-Fi, SD card reader
• Control of USB keys authorized to connect, by serial number
• Control of USB drivers, prohibition on connecting unknown USB devices
Encryption
To guarantee the confidentiality of the data on the hard disk, it is encrypted with an EAL3-certified solution.
HIPS
The Host-based Intrusion Prevention System (HIPS) is a hardening and defense tool that prevents exploitation of software vulnerabilities.
Analysis and decontamination of removable media
The SAS USB offer is a solution consisting of several elements: a white station that analyzes and decontaminates your USB media, and a server that controls all of your terminals and retrieves the history of their analyses. Finally, with the Workstation Protect agent, the KUB gives you the option to block all external devices that have not been analyzed.
Here are a few highlights:
• A white station composed of 2 to 5 antivirus engines
• Updates in "online" or "offline" mode in rugged or isolated environments
• Control and protect access to your equipment, PLCs, using the Workstation Protect agent
• Block access of storage devices to USB ports. Only removable media that has been certified by a KUB will be allowed for a period of time defined by your security policy
• Monitor all activity of your KUBs through the Admin Console to retrieve all of their analyses
• Easily integrate your KUB architecture with your supervision tools (SIEM, Syslog, etc.)
• Use the station screen to educate your users about cyber security by providing content in the form of video or text while their media is being analyzed
CYBINDUS Training - Expert Level
Designed as a real project for securing an industrial installation, the Cybersecurity Project's approach is based on a 3-day workshop that alternates theory and practical work on models in pairs.
Cybersecurity:
• Program in accordance with the specifications drawn up by ANSSI: "Guide for Training on Cybersecurity of Industrial Systems"
Reminders and introduction to industrial systems:
• definitions, the different types of industrial systems
• composition of an industrial system
• programming languages used in automation
• industrial protocols and fieldbuses
• classical network architectures of industrial systems
Reminders and introduction to cybersecurity:
• definitions of cybersecurity
• cybersecurity issues
• categories of attacks and operating modes
• principles of deployment of a cybersecurity project
• introduction to good practices
Industrial cybersecurity:
• dependability and cybersecurity
• examples of incidents on industrial systems
• vulnerabilities and classic attack vectors
• overview of norms and standards
• in France, the Military Programming Law
• ANSSI recommendations: organizational and technical aspects, classification method, details of the main measures
Practical exercises:
• implementing VPN communication (automation engineer profile)
• getting started with PLC programming (IT profile)
• equipment inventory and mapping
• classification and risk analysis
SENCYB Training - Basic Level
For anyone wishing to learn more about cybersecurity, this awareness day provides concrete information on recent cyber attacks, gives examples of architectural security and details precisely the ANSSI regulatory context.
Training content
Cybersecurity:
• training based on the ANSSI standard "Cybersecurity of industrial systems"
Reminders and introduction to industrial systems:
• definitions, the different types of industrial systems
• typical architecture of an industrial system
Reminders and introduction to cybersecurity:
• definitions of cybersecurity
• overview of norms and standards
• categories of attacks and operating modes
• introduction to good practice
• the defense-in-depth concept
Industrial cybersecurity:
• examples of incidents on industrial systems
• presentation of a concrete case drawn from current events
• vulnerabilities and classic attack vectors
• built-in security features in products
• security products, roles and functions
Practical exercises:
• quiz "good practices"
• identify vulnerabilities
Application material
Cyber attack demonstration platform consisting of:
• PLC
• switch
• PC
• firewall