Producing communicating objects in connected factories sounds like a no-win situation for ACTIA in the light of increasing cybersecurity threats worldwide. Yet it is this industrial cybersecurity challenge that the Group’s factories rise to on a daily basis as part of a ongoing policy based on quality, security, innovation and industrial excellence.
Sébastien RABAUD, ACTIA Group CISO (Chief Information Security Officer), talks about the risks linked to Industry 4.0 and the optimal security approach for all of ACTIA’s production lines.
WHAT DOES PRODUCING COMMUNICATING OBJECTS IN INDUSTRY 4.0 FACTORIES MEAN FOR ACTIA?
“ACTIA designs and manufactures electronic products and communicating onboard systems in its factories for a number of business sectors, including the automotive, aviation, space and energy sectors.
The rapid developments in these products and systems involve:
- increased complexity of software functions;
- the incorporation of numerous security features;
- and ever-greater data processing.
Furthermore, as part of the approach to continuously improve the performance and quality of its service, the Group is constantly developing its production means by incorporating new initiatives and new technologies into its processes. Of course, in addition to this comes an external environment which is also rapidly developing, with a rise in cyber-attacks in particular.
Added to this is a rapidly changing external context, notably with the upsurge in cyber attacks. These changes imply an increase in risks and require a global approach to managing cybersecurity integrated into both business lines and industrial processes.”
HOW DOES INDUSTRIAL CYBERSECURITY MANAGEMENT AFFECT THE GROUP’S FACTORIES?
“ACTIA is faced with several key trends which have significantly affected and continue to affect the development of our factories. The first of these trends is the digitalisation of production lines in a broad sense, which results in the widespread use of systems from the IT world, increased connectivity and interconnectivity of these production lines with external environments: customers, suppliers, etc. This digitalisation is reflected in procedures going paper-free, the use of analytical tools, sometimes in SaaS/Cloud mode, or quite simply through the increased use of email.
The other key trend is linked to the development of the products themselves. Within the “Internet of Things” movement, these products are becoming increasingly connected and intelligent. The products manufactured by the ACTIA Group therefore incorporate sensitive elements such as components, data, cryptographic keys, etc. This increases the need for securing production environments. The entire production chain must be secured.
In addition to this trend, under the ACTIA Group’s industrial strategy, there is significant synergy between all the factories spread across three continents. This strategy of optimising our industrial performance assumes a level of security that is suited to the means of collaborating and sharing data between the various production sites.”
HOW WOULD YOU DESCRIBE ACTIA’S INDUSTRIAL CYBERSECURITY APPROACH?
“In addition to the technical security aspects of our production environment, responding to these challenges requires addressing cybersecurity more broadly, with respect to our business processes, human resources and the supply chain. ACTIA is therefore implementing a global or holistic approach to cybersecurity management, which is not restricted to our factory-environment, but extends to all interfaces.
In order to obtain and attest to a high level of assurance and trust regarding the effectiveness of this approach, since 2018 we have held certification for our information security management system in accordance with the ISO 27001 standard.
Additionally, this global policy integrates the application of benchmarks that are suited to the industrial context, such as the Industrial Cybersecurity Guide by ANSSI [French National Cybersecurity Agency], or Automotive cybersecurity engineering standards such as ISO 21434.”
HOW IS THIS GLOBAL APPROACH TO CYBERSECURITY BEING IMPLEMENTED?
“Protecting industrial networks against cyber attacks requires a combination of means and security measures on the one hand adapted specifically to each environment and on the other hand global to the entire system, in a defense-in-depth logic.
A fundamental building block of the system is the awareness and training of all the players involved in industrial processes (operators, processes, methods, IT, etc.), because they are the ones who bear the risks and “make” the safety of the company. ‘factory.
This device is also based on a precise and detailed inventory as well as a thorough understanding of the production environment: processes, processes, industrial systems, network infrastructures, data flows.
This approach allows us to have protection measures adapted to cybersecurity risks, while limiting the impact in terms of industrial performance and promoting ownership by stakeholders.
To complete this system, we ensure continuous supervision and processing of security events in our industrial environment, as well as permanent monitoring of vulnerabilities and threats.”
ANY LAST WORDS?
“The information security management system thus set up and maintained within ACTIA has enabled us to respond appropriately to current industrial cybersecurity challenges, but also to change the corporate culture more generally. .
It allows us to consider with the right level of security the development needs of our factories, in terms of ability to integrate new products or means of production.
We are therefore confident in the group’s ability to meet the challenges of the factory of the future beyond factory 4.0, by moving towards factory 5.0.”