Technologie Opérationnelle (OT)
Operational Technology (OT) is hardware and software that detects or causes change, through the
direct monitoring and/or control of industrial equipment, assets, processes and events.
However, operational technology security relies almost entirely on the autonomous nature
of OT installations, “security through obscurity”. OT security challenges:
- • OT components are often built without considering basic IT security requirements, aiming instead to achieve functional goals. These components may be insecure by design and vulnerable to cyberattacks.
- • Vendor dependency: Due to general lack of knowledge related to industrial automation, most companies are highly dependent on their OT vendors. This leads to vendor lock-in, eroding the ability to implement security patches.
- • Critical Assets: Due to OT's role in monitoring and controlling critical industrial processes, OT systems are very often part of the national critical infrastructure. As such, they may require enhanced security features.
Therefore, BEGONIA GROUP assists you in complying with ANSSI requirements by carrying out a gap
analysis to determine your level of maturity and an action plan for implementing the
recommendations.
The analysis will consist of:
Organizational Requirements:
- • Industrial Systems Knowledge (roles & responsibilities, mapping, risk analysis, backup management, documentation management)
- • Stakeholders Control (management of stakeholders, awareness and training, management of interventions,
- • Cybersecurity Integration in the life cycle of the Industrial System (Requirements in contracts and specifications, Integration of cybersecurity in the phases of specification, integration of cybersecurity in design phases, audits and cybersecurity tests, transfer to operations, management of changes and developments, monitoring process, obsolescence management)
- • Physical security and access control to premises (Access to premises, Access to equipment and wiring)
- • Reaction in the event of an incident (Business recovery or continuity plan, Degraded modes, Crisis management)
Technical Requirements :
- • Participants Authentication: logical access control (Account management, Authentication management)
- • Industrial System Architecture Security (Partitioning of industrial systems, Interconnection with information system management, Internet access and interconnections between remote sites, Remote access, Distributed industrial systems, Wireless communications, Protocol security)
- • Securing equipment (Configurations Hardening, Vulnerability management, Connection interfaces, Mobile equipment, Security of programming consoles, engineering stations and administration stations, Secure development)
- • Industrial System Monitoring (Event Logs)