PRODUCING COMMUNICATING OBJECTS IN CONNECTED FACTORIES : THE CHALLENGE OF INDUSTRIAL CYBERSECURITY

Producing communicating objects in ultra-connected factories sounds like a no-win situation for ACTIA in the light of increasing cybersecurity threats worldwide. Yet it is this industrialcybersecurity challenge that the Group's factories rise to on a daily basis as part of a ongoing policy based on quality, security, innovation and industrial excellence.

Sébastien RABAUD, ACTIA Group CISO (Chief Information Security Officer), talks about the risks linked to Industry 4.0 and the optimal security approach for all of ACTIA's production lines.

WHAT DOES PRODUCING COMMUNICATING OBJECTS IN INDUSTRY 4.0 FACTORIES MEAN FOR ACTIA?

'ACTIA designs and manufactures electronic products and communicating onboard systems in its factories for a number of business sectors, including the automotive, aviation, space and energy sectors.

The rapid developments in these products and systems involve:

• - increased complexity of software functions;
• - the incorporation of numerous security features;
• - and ever-greater data processing.

Furthermore, as part of the approach to continuously improve the performance and quality of its service, the Group is constantly developing its production means by incorporating new initiatives and new technologies into its processes. Of course, in addition to this comes an external environment which is also rapidly developing, with a rise in cyber-attacks in particular.

The increase in these cybersecurity risks requires a global approach to cybersecurity management that is incorporated into businesses as well as industrial processes.'

HOW DOES INDUSTRIAL CYBERSECURITY MANAGEMENT AFFECT THE GROUP'S FACTORIES?

'ACTIA is faced with several key trends which have significantly affected and continue to affect the development of our factories. The first of these trends is the digitalisation of production lines in a broad sense, which results in the widespread use of systems from the IT world, increased connectivity and interconnectivity of these production lines with external environments: customers, suppliers, etc. This digitalisation is reflected in procedures going paper-free, the use of analytical tools, sometimes in SaaS/Cloud mode, or quite simply through the increased use of email.

The other key trend is linked to the development of the products themselves. Within the 'Internet of Things' movement, these products are becoming increasingly connected and intelligent. The products manufactured by the ACTIA Group therefore incorporate sensitive elements such as components, data, cryptographic keys, etc. This amplifies the need for security in the manufacturing and handling environments. The entire manufacturing line must be secured.

In addition to this trend, under the ACTIA Group's industrial strategy, there is significant synergy between all the factories spread across three continents. This strategy of optimising our industrial performance assumes a level of security that is suited to the means of collaborating and sharing data between the various production sites.'

HOW WOULD YOU DESCRIBE ACTIA'S INDUSTRIAL CYBERSECURITY APPROACH?

'ACTIA's factory developments are part of a necessary and voluntary process to improve our industrial performance and meet our customers' needs. They are not inconsequential and pose major challenges in terms of cybersecurity, because they significantly increase our attack surface.

In addition to the technical security aspects of our production environment, responding to these challenges requires addressing cybersecurity more broadly, with respect to our business processes, human resources and the supply chain. ACTIA is therefore implementing a global or holistic approach to cybersecurity management, which is not restricted to our factory-environment, but extends to all interfaces.

In order to obtain and attest to a high level of assurance and trust regarding the effectiveness of this approach, since 2018 we have held certification for our information security management system in accordance with the ISO 27001 standard.

Additionally, this global policy integrates the application of benchmarks that are suited to the industrial context, such as the Industrial Cybersecurity Guide by ANSSI[French National Cybersecurity Agency], or Automotive cybersecurity engineering standards such as ISO 21434.'

HOW IS THIS GLOBAL APPROACH TO CYBERSECURITY BEING IMPLEMENTED?

'Protecting industrial networks from cyber-attacks requires customised methods and measures.
We are therefore paying close attention to ensure cybersecurity awareness and training for everyone involved in the industrial processes:

• - managers;
• - operators;
• - process and method teams;
• - production IT teams, etc.

We also closely manage the process inventory and maintain a thorough understanding of the processes as well as of the industrial systems, our network infrastructures, flows and data processing.

We therefore have detailed map of the risks in order to establish the most suitable protection measures for them.'

AND THE CLOSING REMARKS?

'This work of continuously monitoring industrial systems accompanied by a permanent watch on cybersecurity threats, vulnerabilities and events are essential for a manufacturer working in an ultra-connected setting.

Everything that we have implemented, in terms of processes and even corporate culture regarding cybersecurity, provides us with strong assurance on our ability to integrate these risks. This is all the more important given that we are now able to develop our factories, in terms of their ability to incorporate new products or new production means.

We are therefore confident in the Group's ability to rise to the challenges of the factory of the future beyond Industry 4.0, because with industry changing so quickly, we can already look towards Industry 5.0.' »

Share on