Cybersecurity Services (France)

Network Engineering & Security, the first integrator compliant with ANSSI's PIMSEC reference framework
Published by Schneider Electric

Features

  • Risk Analysis
  • Compliance audit of industrial networks and SCADA
  • Network Audit
  • SNi40 Industrial Firewall
  • Industrial Privileged Access Management (i-PAM)
  • CyberTec Secure Maintenance Console
  • Analysis and decontamination of removable media
  • CYBINDUS Training - Expert Level
  • SENCYB Training - Basic Level

Risk Analysis

Risk analysis is a mandatory step in any security initiative. Schneider Electric experts use ANSSI's EBIOS risk analysis and security requirements methodology, adapted to the industrial environment.

Goal


The purpose of this service is to assess the risks you face in the course of the operation of your automation system.


This risk assessment will allow you to:
• Identify and evaluate all cyber risks to your process
• Define the corrective actions
• Prioritize these actions and define action plans


With respect to your context, the risk assessment will allow you to:
• Decide which actions to take or not, and justify your choices. Not deploying a measure, or postponing its deployment, could thus be justified, even if it deviates from your benchmark, when its cost is higher than the estimated cost of accepting the risk
• Define priorities in the deployment of measures


Methodology


The methodology used is based on:
• The EBIOS methodology (Expression of Needs and Identification of Security Objectives), proven in the field and recommended by ANSSI (the French National Agency for the Security of Information Systems)
• Schneider Electric's experience and expertise in your business and in the technologies implemented in automation systems.

Compliance audit of industrial networks and SCADA

How do you know the security level of the configurations deployed on the industrial equipment? By carrying out a compliance audit against the selected reference framework (ANSSI, IEC 62443, to name a few).

Automation part


Configuration audit
Analysis of the programs with a detailed study of inter-PLC communications, reconstruction of the map of flows exchanged on the industrial network, analysis of the processor load and quantification of reserves, and recommendations to reduce communication resources and thus avoid connection errors and disturbances on the industrial network.


Security audit
Analysis of the implementation of Cybersecurity functions available in the PLC range concerned, recommendations of the functions to be implemented, analysis of the exposure to the vulnerabilities discovered and proposal for a corrective action plan.


Industrial network part


Network architecture audit
Analysis of the configuration of network equipment (switches, routers) according to the selected redundancy protocol, analysis of equipment logs, and flow measurement at various strategic points of the network to analyze the bandwidth and any communication errors.


Security audit
Analysis of the configuration of network equipment from a security point of view, for example by verifying the following points:
• Passwords and login
• Active services
• Use of ports and their activation / deactivation
• Network segmentation
• SNMP version implemented

Network Audit

How do you deploy security on a network that is malfunctioning? Schneider Electric relies on RFC 2544 to acceptance-test your Ethernet network and provide you with manufacturer validation.

Inventory and mapping of equipment
• Inventory of equipment
• List of references of equipment and their software versions
• Network topology


Stream capture & analysis
• Flow Identification: Flow Matrix
• Detection of faulty or incorrectly configured equipment
• Measurement of bandwidth and percentage of network usage
• Protocol analysis of flows
• Identification of the most communicating equipment
• Highlighting equipment at the limits of their capabilities
• Optimization of exchanges


Physical audit
• Deployed hardware (obsolescence, manufacturer support, compatibility)
• State of the wiring (copper, fiber optic)
• Compliance with the diagram / architecture / identification of active and passive equipment
• Optical power

Configuration audit
• Configuration of the network parameters (compliance with the IP addressing plan, VLAN)
• Flow management
• Redundancy management
• Diagnosis (Syslog, SNMP, network administration)
• Time synchronization

Performance certification
• Dynamic tests of the target maximum allowable load level
• Recovery measurement for redundant elements
• Implementation of the RFC2544 test protocol with expert certification tools

Security audit
• Authentication management
• Active services
• Network Segmentation / Flow Control
• Log monitoring / network administration
• Firmware version of the equipment (version level, homogeneity, identified faults)

SNi40 Industrial Firewall

As an industrial firewall qualified by the ANSSI, the SNi40 is the solution chosen by Schneider Electric to secure the IT / OT interconnections. Adapted to industrial constraints, this high-performance firewall can also be positioned as close as possible to PLCs.

The SNi40 Firewall for Industrial Ethernet Networks is a security device designed to protect industrial networks, automation systems, SCADA systems and processes against external cyber attacks.


The SNi40 Firewall provides custom protection for the installed base and for new installations requiring increased security and availability. It delineates secure areas within an overall system.


The SNi40 firewall includes the following features:
• Application firewall: allows you to create rules that identify which devices are allowed to communicate using the TCP-Modbus protocol and manages the filtering of Modbus and UMAS requests
• Router: Routes packets from one network interface to another
• Bridge mode (transparent)
• VPN: Secure management of flows (IPSEC, SSL)
• Event Logging: Maintains a log file of security events and allows local or remote access to this log
• High availability in redundant architecture
• Authentication management

Industrial Privileged Access Management (i-PAM)

Do you want to control your remote access and trace all the operations performed on your industrial system? The i-PAM solution is what you need! The i-PAM offer protects the privileged accounts of ICS and SCADA systems and traces access between command and control systems, IT environments, the Internet and remote users. Based on WALLIX Bastion technology, the i-PAM offering is available in industrial appliances that are resistant to heat, vibration or water.

i-PAM makes it possible to:
• Optimize configuration with auto-discovery of all Windows and Linux privileged accounts
• Control and protect access to equipment, PLCs and fieldbuses: management of identifiers, connection approval for certain equipment and according to certain frequencies
• Apply a granular connection policy for internal and external users
• Secure and manage the automatic rotation of passwords and SSH keys, especially those of remote users of the ICS
• Isolate critical systems by controlling access to jump servers
• Alert the IT department, operational technology managers and the security team in real time so they can detect, respond automatically to and halt the progression of an ongoing attack, thereby minimizing disruption and possible damage to the business
• Trace and save connections, and benefit from real-time auditing and comprehensive reporting

CyberTec Secure Maintenance Console

As a true all-terrain maintenance PC, CyberTec allows operators to maintain installations safely.

CyberTec is a programming and maintenance console whose operating system has been secured, in accordance with the CIS guide and the ANSSI security guide, in order to resist cyber-threats.


BIOS security
• Boot only on the hard drive
• TPM option enabled
• Secure boot / UEFI


User Policy
Policies for device access, application execution, updates and so on are applied dynamically according to the authenticated user. The everyday user has only the rights needed for day-to-day work.


Executable control
Only whitelisted applications can run, and files and executables are controlled.


Device Control
• Disabling devices, Bluetooth, Wifi, SD card reader
• Control of USB keys authorized to connect by serial number
• Control of USB drivers, prohibition on connecting unknown USB devices


Encryption
To guarantee the confidentiality of the data on the hard disk, the disk is encrypted with an EAL3-certified solution.


HIPS
The Host-based Intrusion Prevention System (HIPS) is a hardening and defense tool that prevents exploitation of software vulnerabilities.

Analysis and decontamination of removable media

The SAS USB offer is a solution consisting of several elements: a white station that analyzes and decontaminates your USB media, and a server that controls all of your terminals and retrieves the history of their analyses. Finally, with the Workstation Protect agent, the KUB gives you the option to block all external devices that have not been analyzed.

Here are a few highlights:
• A white station composed of 2 to 5 antivirus engines
• Updates in "online" or "offline" mode in rugged or isolated environments
• Control and protect access to your equipment, PLCs, using the Workstation Protect agent
• Block access of storage devices to USB ports. Only removable media that has been certified by a KUB will be allowed for a period of time defined by your security policy
• Monitor all activity of your KUBs through the Admin Console to retrieve all of their analyses
• Easily integrate your KUB architecture with your supervision tools (SIEM, Syslog, etc.)
• Use the station screen to educate your users about cyber security by providing content in the form of video or text during the analysis of their media

CYBINDUS Training - Expert Level

Designed as a real project for securing an industrial installation, the Cybersecurity Project's approach is based on a 3-day workshop that alternates theory and practical work in pairs on mock-ups.

Cybersecurity:

  • Program in accordance with the specifications drawn up by ANSSI: "Guide for Training on Cybersecurity of Industrial Systems"
  • Reminders and introduction to industrial systems:
      • definitions, the different types of industrial systems
      • composition of an industrial system
      • programming languages used in automation
      • industrial protocols and fieldbuses
      • classical network architectures of industrial systems
  • Reminders and introduction to cybersecurity:
      • definitions of cybersecurity
      • cybersecurity issues
      • categories of attacks and operating modes
      • principles of deployment of a cybersecurity project
      • introduction to good practices
  • Industrial Cybersecurity:
      • dependability and cybersecurity
      • examples of incidents on industrial systems
      • vulnerabilities and vectors of classic attacks
      • overview of norms and standards
      • in France, the Military Programming Law
      • ANSSI recommendations: organizational and technical aspects, classification method, details of the main measures
  • Practical exercises:
      • implementing VPN communication (automation engineer profile)
      • getting started with PLC programming (IT profile)
      • equipment inventory and mapping
      • classification and risk analysis

SENCYB Training - Basic Level

For anyone wishing to learn more about cybersecurity, this awareness day provides concrete information on recent cyber attacks, gives examples of secure architectures and details precisely the regulatory context of ANSSI.

Training content

Cybersecurity:

  • Training based on the ANSSI standard "Cybersecurity of industrial systems"
  • Reminders and introduction to industrial systems:
      • definitions, the different types of industrial systems
      • typical architecture of an industrial system
  • Reminders and introduction to cybersecurity:
      • definitions of cybersecurity
      • overview of norms and standards
      • categories of attacks and operating modes
      • introduction to good practice
      • concept of defense in depth
  • Industrial Cybersecurity:
      • examples of incidents on industrial systems
      • presentation of a concrete case drawn from current events
      • vulnerabilities and vectors of classic attacks
      • built-in security features in products
      • security products, roles and functions
  • Practical exercises:
      • quiz "good practices"
      • identify vulnerabilities

Application material

Cyber attack demonstration platform consisting of:

  • PLC
  • switch
  • PC
  • firewall