Cybersecurity and SCADA: why they go hand in hand?
The world of IT is constantly evolving and providing businesses with increasingly powerful and sophisticated tools. The increasing openness offered by improved system interoperability, the development of cloud technologies and digitization of processes are all innovation opportunities not to be missed. However, these new drivers of technological change also carry their share of risk. The growing number of companies impacted on a daily basis by cyberattacks is a sober reminder of this!
Given this situation, Codra has prioritized the cyber security of industrial systems in its product development and management strategy. Thanks to extensive experience in “highly information sensitive” SCADA projects, our teams have always been very aware of IT security. You could say it’s in our DNA.
As a result of this strategy, in 2019 Panorama E2 was the first SCADA platform to be awarded First Level Security Certification (CSPN) issued by the French National Cybersecurity Agency (ANSSI [1]).
Cybersecurity is a never-ending race. That’s why, from the outset, Codra opted for a secure by design approach, with the aim of continuously improving the solution. In early 2020, the next step was taken with the Qualification [3] of Panorama. This recognition by the French government guarantees not only the robustness of Panorama E2 software but also the skills and commitment of Codra.
In 2023, the 2022 version of Panorama E2 was awarded renewed certification and qualification by ANSSI. These milestones confirm our determination to provide you with reliable, robust solutions that will stand the test of time.
ANSSI certification and qualification: a major asset in your cyber strategy
Our collaborative approach with ANSSI is driven by the desire to support our customers with their day-to-day security issues. The aim of certification programs is to check that a product is appropriately matched to its “security target” (a target defined with ANSSI).
To date, Panorama software is the only SCADA application to have met the high level requirement criteria arising from client and server protection profiles. In concrete terms, this means it is now possible to implement security functions within Panorama to defend assets that require protection based on attacker types and threats identified.
By choosing Panorama software, you are choosing a SCADA system recommended by the French state, proven and approved by the government agency responsible for information system security issues.
Using software like Panorama therefore allows you to create SCADA applications that include security and securing mechanisms. This enables you to improve your defense in depth, reduce your risk of vulnerabilities, and achieve better protection. Codra provides a concrete solution that is easy to implement in your environment and accessible to as many people as possible.
« Qualification gives you the reassurance that you are choosing solutions compliant with proven high levels of security and criteria of trust. This guarantees that you are using solutions recommended by the French State and used by the French government, operators of vital importance (OIV) and companies working in the most sensitive sectors »
Official ANSSI document
Cybersecurity and SCADA: how to implement them?
Digital transformation is being undertaken in all companies – whether involved in the industrial, construction, nuclear, transport, energy, water, research or defense sectors – to meet the challenges raised by the Fourth Industrial Revolution.
For those responsible for operations and plants, the major challenge is to ensure the continuing evolution of their production and operating systems, and to move them from a closed and isolated model to a more open and interconnected way of functioning with all of the company’s systems: ERP, MES, CMMS, VMS, etc. With the Panorama Suite, you can bring together safety and security systems into an integrated SCADA solution.
This interconnection, driven by the emergence of new technologies such as mobile applications, connected objects, the cloud and big data, paradoxically represents both unprecedented opportunities for innovation and threats to the integrity of systems.
While cyberattacks against businesses are often external in origin, most of them are initiated from within by “someone in a trusted position”. They are sometimes malicious in nature, but unauthorized access can also often be caused inadvertently. In both cases, and although installations are incorporated into a “security bubble”, access to a computer systems infrastructure can be compromised, jeopardizing the functioning of systems and the integrity of data with the disastrous consequences we can imagine.
The cybersecurity issues in industrial systems using SCADA applications are well-known but they can be extended to all users of the SCADA system. The aim is to converge operational needs with those of IS security. This is known as OT/IT convergence.
Although the world of OT (Operational Technology) and that of IT (Information Technology) use similar technologies, they nevertheless have different functions and issues and this can introduce a number of difficulties. For OT stakeholders this involves interpreting and applying the security constraints of industrial network architectures, while for IT staff their aim is to understand operating and production issues.
To remedy this situation, each side must make an assessment and analyze the risks within its perimeter of activity, maintain control of and monitor organizational security, and choose a SCADA solution capable of concretely addressing these cybersecurity and network security challenges.
Simplified implementation of a security system based on cyber mechanisms to guard against attacks
Taking cybersecurity measures and implementing data protection processes is not easy, especially in instrumentation and control systems. Despite this, Codra wanted to provide diverse and simple answers to assist its customers without them having to be cyber experts.
Our certification process applies not only to operators of vital importance (OIV) and operators of essential services (OSE). It is aimed at all manufacturers and operators who are concerned about digital security issues both at software and infrastructure level. This is of course reflected in the cybersecurity mechanisms that can be activated in Panorama but more generally through provision of:
- a comprehensive guide explaining cybersecurity best practices
- a methodology for implementing Panorama SCADA software
- an automatic configuration wizard (tool in Panorama)
- Panorama cybersecurity training to improve knowledge
- a Panorama CSIRT to keep up to date with the latest cyber developments in the product
As you can see, the protection of our customers’ SCADA systems is our top priority! We want it to be concrete, easy to implement and accessible to the largest number of people possible.
The CSIRT
In order to guarantee constant dialogue between users and Panorama technical teams, Codra has also set up a product Computer Security Incident Response Team (CSIRT). Available since 2018, it allows companies to work on the issue of prevention, in particular by publishing security bulletins and issuing security patches.