Cybersecurity and SCADA: brwhy they go hand in hand ?
The world of IT is constantly evolving and providing businesses with increasingly powerful and sophisticated tools. The increasing openness offered by improved system interoperability, the development of cloud technologies and digitization of processes are all innovation opportunities not to be missed. However, these new drivers of technological change also carry their share of risk. The growing number of companies impacted on a daily basis by cyberattacks is a sober reminder of this!
Given this situation, Codra has prioritized the cyber security of industrial systems in its product development and management strategy. Thanks to extensive experience in 2highly information sensitive” SCADA projects, our teams have always been very aware of IT security. You could say it’s in our DNA.
ANSSI certification and qualification: a major asset in your cyber security approach
CODRA’s collaboration with ANSSI is part of a long-term approach aimed at supporting its customers in addressing cybersecurity challenges. The certification verifies that the Panorama software complies with a security target defined with ANSSI. To date, Panorama is the only SCADA system to meet the requirements of server and client application protection profiles, integrating security mechanisms adapted to identified threats. Recommended by the French government, Panorama enables the design of SCADA applications that integrate in-depth defence, reducing the risk of vulnerabilities and strengthening the protection of industrial systems.
This strategy led Panorama E2 to become, in 2019, the first SCADA platform to be CSPN certified by ANSSI. Committed to a secure by design approach and continuous improvement, CODRA reached a new milestone in 2020 with ANSSI’s qualification of Panorama. This recognition attests to both the robustness of the solution and CODRA’s expertise. In 2023, the renewal of the certification and qualification for Panorama E2 2022 confirms the reliability and sustainability of the solutions offered.
« Qualification gives you the reassurance that you are choosing solutions compliant with proven high levels of security and criteria of trust. This guarantees that you are using solutions recommended by the French State and used by the French government, operators of vital importance (OIV) and companies working in the most sensitive sectors »
Official ANSSI document
CVE and CNA programme: CODRA, a committed player in cybersecurity
As part of its proactive approach to cybersecurity, CODRA has joined the CVE Programme and is a CVE numbering authority (CNA) for all its SCADA and MES solutions. This status enables CODRA to identify, qualify and transparently publish vulnerabilities affecting its products, with CVE identifiers that are recognised and referenced in all major international databases. As a single point of contact for cybersecurity, CODRA strengthens coordination with the cyber community and ensures rapid dissemination of alerts and patches to its customers. This commitment is part of the ongoing protection of critical facilities and the resilience of industrial systems.
Cybersecurity and SCADA: how to implement them ?
Digital transformation is being undertaken in all companies – whether involved in the industrial, construction, nuclear, transport, energy, water, research or defense sectors – to meet the challenges raised by the Fourth Industrial Revolution.
For those responsible for operations and plants, the major challenge is to ensure the continuing evolution of their production and operating systems. And to move them from a closed and isolated model to a more open and interconnected way of functioning with all of the company’s systems: ERP, MES, CMMS, VMS, etc. With the Panorama Suite, you can bring together safety and security systems into an integrated SCADA solution.
This interconnection driven by the emergence of new technologies such as mobile applications, connected objects, the cloud and big data paradoxically represents both unprecedented opportunities for innovation but also threats to the integrity of systems.
While cyberattacks against businesses are often external in origin, most of them are initiated from within by “someone in a trusted position”. They are sometimes malicious in nature, but unauthorized access can also often be caused inadvertently. In both cases, and although installations are incorporated into a “security bubble”, access to a computer systems infrastructure can be compromised, jeopardizing the functioning of systems and the integrity of data with the disastrous consequences we can imagine.
The cybersecurity issues in industrial systems using SCADA applications are well-known but they can be extended to all users of the SCADA system. The aim is to converge operational needs with those of IS security. This is known as OT/IT convergence.
Although the world of OT (Operational Technology) and that of IT (Information Technology) use similar technologies, they nevertheless have different functions and issues and this can introduce a number of difficulties. For OT stakeholders this involves interpreting and applying the security constraints of industrial network architectures, while for IT staff their aim is to understand operating and production issues.
To remedy this situation, each side must make an assessment and analyze the risks within its perimeter of activity, maintain control of and monitor organizational security, and choose a SCADA solution capable of concretely addressing these cybersecurity and network security challenges.
Simplified implementation of a security system based on cyber mechanisms to guard against attacks
Taking cybersecurity measures and implementing data protection processes is not easy, especially in instrumentation and control systems. Despite this, Codra wanted to provide diverse and simple answers to assist its customers without them having to be cyber experts.
Our cyber approach does not only concern EE and EI (Essential Entities and Important Entities, nomenclature from the European NIS 2 directive). It is aimed at all manufacturers and operators who are concerned about digital security issues both at software and infrastructure level. This is of course reflected in the cybersecurity mechanisms that can be activated in Panorama but more generally through provision of:
- a comprehensive guide explaining cybersecurity best practices
- a methodology for implementing Panorama SCADA software
- an automatic configuration wizard (tool in Panorama)
- Panorama cybersecurity training to improve knowledge
- a CSIRT to stay informed about the latest cyber developments in products and vulnerabilities with a CVE ID
As you can see, the protection of our customers’ SCADA systems is our top priority! We want it to be concrete, easy to implement and accessible to the largest number of people possible.
Demo
Do you have a project to develop? A simple question to ask us?
Our teams are available to give you a demonstration or simply answer your questions!