Overview
ABSTRACT
The cybersecurity of industrial facilities and Internet of Things systems is a very important issue. Systems are increasingly interconnected, and attacks are becoming more numerous. Consequences can be dramatic. This article explains the specifics of these systems and describes their main vulnerabilities. It then reviews the main standards and guides, before presenting the methods and technical solutions that make it possible to implement a risk management approach.
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
Jean-Marie FLAUS: Professor - GSCOP, Grenoble Alpes University, Grenoble
INTRODUCTION
In today's world, many physical systems are driven by computer systems. Almost all industrial systems, water and energy distribution systems, transportation systems and even everyday appliances are in this category. These systems are increasingly interconnected via the Internet, making them a major target for malicious computer attacks. The consequences can range from a production stoppage or loss of service, in the case of a manufacturing site or an electrical power distribution infrastructure, to the endangerment of human life, in the case of a high-risk chemical site or a vehicle.
Project Aurora, in 2007, demonstrated that a software modification could lead to the physical destruction of a facility. Shortly afterwards, in 2010, the notorious Stuxnet virus led to the destruction of Iran's uranium separation facilities.
This threat is therefore real, and control of this cyber risk by critical infrastructure operators, industrial plant operators and product manufacturers is becoming unavoidable. This is all the more the case now that public authorities have begun to introduce regulations such as the NIS Directive, which applies from 2018.
However, the cybersecurity of industrial plants poses specific problems in relation to information processing systems.
This is because operating constraints are different, the life cycle is longer, which means that existing equipment has to be taken into account, equipment is very heterogeneous, and the culture of those involved is not the same as in the IT world.
To help manufacturers in their approach, various standardization bodies and institutes in charge of digital security have proposed standards and guides. One of the most important standards is the IEC 62443 developed by ISA.
In this article, after detailing the specific features of industrial facilities and their main vulnerabilities, we present the main approaches and methodological and technical solutions for managing cybersecurity risks.
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference
KEYWORDS
Critical Infrastructures | industrial cybersecurity | scada | industrial internet of things
CAN BE ALSO FOUND IN:
Home IT Security of information systems Cybersecurity of Industrial Control Systems. SCADA and Industrial IoT
Home Industrial engineering Design and production Cybersecurity of Industrial Control Systems. SCADA and Industrial IoT
Home Environment - Safety Safety and risk management Cybersecurity of Industrial Control Systems. SCADA and Industrial IoT
Home Environment - Safety Water technologies Cybersecurity of Industrial Control Systems. SCADA and Industrial IoT
Home IT Networks and Telecommunications Cybersecurity of Industrial Control Systems. SCADA and Industrial IoT
This article is included in
Control and systems engineering
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Cybersecurity for industrial facilities
Bibliography
- (1) - WILLIAMS (T.J.) - A Reference Model for Computer Integrated Manufacturing from the Viewpoint of Industrial Automation. - IFAC Proceedings Volumes. 23 (1990). http://281-291. 10.1016/S1474-6670(17)51748-6
- ...
Standards and norms
- Series of standards on Industrial Automation and Control Systems Security. - ISA/IEC 62443 -
- Functional safety of electrical/electronic/programmable electronic safety-related systems - EC 61508-1 - 2010
- Industrial communication networks – Network and system security – Part 1-1: terminology, concepts and models - CEI/TS 62443-1-1 - 2009
- Industrial communication networks – Network and system security...
Regulations
Seveso III, Directive 2012/18/EU of the European Parliament and of the Council of 4 July 2012 on the control of major-accident hazards involving dangerous substances, amending and subsequently repealing Council Directive 96/82/EC,
NIS, Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information...
Directory
Organizations – Federations – Associations (non-exhaustive list)
ANSSI (French National Agency for Information Systems Security) https://www.ssi.gouv.fr
Software
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference