Feature Chaining Attaining the ideal level of IT/OT cybersecurity
Customer feedback on IT/OT interconnection • FIC 2019
Yseult Garnier, Industrial Cybersecurity Manager, SNCF Réseau
Xavier Facelina, CEO, SECLAB
Khobeib Ben Boubaker, Head of Sales Industrial Business Line, STORMSHIELD
Feedback on a large-scale operational roll-out
GLOSSARY
• SNCF Réseau: An EPIC (public industrial or commercial undertaking) that manages the French railway network: 30,000 km of lines in service
• IT: Information Technology
• OT: Operational Technology
• National interconnection: Bridging two national computer networks
Digitisation: the need for connectivity
Digitisation is crucial
• For maximising the positive impact of digital technologies on businesses
IT/OT connectivity is essential
• For expanding the company’s digital offerings:
  • Interactions with users
  • User connectivity
  • Real-time information
This connectivity imposes unique cybersecurity constraints
IT and OT serve different purposes
• Different impacts
• Different protective measures available
Conceptual framework
Division into zones based on risk coverage needs
• Accredited: Agility = --, Openness = 0, Exposure = 0, Protection = +++, Inspection = +++
• Security Plus Zone: Agility = -, Openness = -, Exposure = -, Protection = ++, Inspection = ++
• Standard / Private cloud: Agility = +, Openness = +, Exposure = +, Protection = +, Inspection = +
• Internet / Public cloud: Agility = +++, Openness = +++, Exposure = +++, Protection = 0, Inspection = 0
Exchange zones shown on the diagram: Accredited exchange zone, Standard exchange zone
The principal challenge for projects of this scale: managing IT and OT cybersecurity
Until 2017
• Two separate departments
• Two physical locations 1 hour apart
Today
• Within the same department
• Both located on the same site
The third pillar: IT Cyber + OT Cyber + Business
Collaborative cybersecurity is in service of business
Only people in the industry—architects, operators and maintenance technicians—understand the situation on the ground and the actual requirements and technical constraints.
The solution must:
• Satisfy business needs
• Not impose prohibitive constraints
The problem can be boiled down to two main approaches
• Separating the two fields, but with constant interaction
• Whitelisting protocols that are destined to change
Feedback part 2/2 Building the solution
Unfortunately, these two approaches seem contradictory
These requirements lead to a dichotomy: Permanent isolation vs. Adaptable filtering
SNCF Réseau is testing market solutions for these two approaches in order to:
• Find the product that best meets its business and security needs
• Collect additional information to decide between filtering and isolation
These two products are at the top of their respective categories
• SN6000 by STORMSHIELD offers the right level of application filtering.
• DENELIS by SECLAB has passed every cybersecurity test for network isolation.
Which is the right solution: application filtering or network isolation?
When SNCF Réseau, SECLAB and STORMSHIELD examine the problem together
• Everyone gains a new understanding of the project and its challenges
• All ideas are permitted
• The limits of your solution can be discussed with your customer and competitor
SECLAB-STORMSHIELD: two complementary approaches
Threats and functions labelled on the diagram:
• BEST KNOWN MALWARE
• UNAUTHORISED NETWORK TRAFFIC
• INTRUSION DETECTION
• ZERO DAY
• STUXNET
• HID ATTACKS
• BAD USB
STORMSHIELD boxes in SECLAB trucks
A controlled boundary between the Accredited and Security Plus Zones
• Accredited: Agility = --, Openness = 0, Exposure = 0, Protection = +++, Inspection = +++
• Security Plus Zone: Agility = -, Openness = -, Exposure = -, Protection = ++, Inspection = ++
• Standard / Private cloud: Agility = +, Openness = +, Exposure = +, Protection = +, Inspection = +
• Internet / Public cloud: Agility = +++, Openness = +++, Exposure = +++, Protection = 0, Inspection = 0
Exchange zones shown on the diagram: Accredited exchange zone, Standard exchange zone
Conceptual framework
Division into zones based on risk coverage needs
• Security Plus Zone: Agility = -, Openness = -, Exposure = -, Protection = ++, Inspection = ++
• Accredited: Agility = --, Openness = 0, Exposure = 0, Protection = +++, Inspection = +++
Exchange zones shown on the diagram: Standard exchange zone, Accredited exchange zone
A solution integrated and tested in less than 3 months
Development is kept under control
• No major impacts on the roadmap, with customisation capacities being used instead
• The solution is built on two technologies, with a stable interconnection
The solutions are separate and may satisfy the needs that they were covering up to that point. Now they are chainable for infrastructures requiring complete IT/OT interconnection.
How to purchase the solution: PURCHASING is part of the team you're working with
What you can do with group purchases:
• Negotiated cybersecurity agreements
• Framework contract, price agreement
Conclusion
Internal and external collaboration: The big cybersecurity team-up
Thank you for listening!
We hope we have conveyed our enthusiasm for working in a joint team and for our IT/OT interconnection solution.
Yseult Garnier (SNCF Réseau), Khobeib Ben Boubaker (STORMSHIELD), Xavier Facelina (SECLAB)
STAND B5, STAND A7-12
+33 (0)6 86 60 78 31, +33 (0)7 62 51 75 25
khobeib.benboubaker@stormshield.eu, xfacelina@seclab-security.com