Today, cybercriminals are increasingly targeting the industry sector – and their attacks are having far-reaching consequences. And this is affecting not only operators of vital importance and essential services: all players are concerned. In addition to the regulations that are "forcing" some to choose sovereign solutions, it remains the responsibility of other industrial players to apply these same rules and take action throughout the security chain. But why is this concept of sovereignty so important? A guest column by Vincent Nicaise, Head of Industrial Partnerships at Stormshield, and Yoann Delomier, OT Team Leader, Wallix.
The new uses of digital technology in industry in recent years have contributed greatly to development and modernisation in this sector. This is true not only in terms of performance and competitiveness at a time of strong globalisation, but also in terms of care for the environment and traceability with regard to consumers and European regulations.
However, these new working practices have also impacted the industrial world, which finds itself increasingly exposed to cyber risks. For example, operators of critical infrastructure (transport, energy, water, etc.) are running industrial processes that use data circulating – sometimes constantly – in real time to ensure smooth operations and deliver both productivity and service to the general public. Such data is now facing attacks from multiple directions. And more generally, all entry points are now being exploited by increasingly professional hackers, whose objectives include industrial espionage and halting production to demand ransoms or for political purposes. And given the financial, human and environmental stakes behind these attacks, the industrial sector has a strong incentive to pay out... which means big pay days for hackers.
In March 2022, France’s ANSSI agency announced that it was aware of 1,082 intrusions critical to the proper functioning of the country in 2021, i.e. an increase of 37% over the previous year. These figures apply to some extent to industrial firms, which ensure the security of goods and people –and, as such, are required to implement safe, trusted cybersecurity solutions, regardless of their role or importance in the production process. The announcements made by Ukraine, claiming to have thwarted a Russian cyberattack on its electricity network, offer a real-world example of the risks being faced by governments and the public today.
However, it has to be said that industrial players do not always prioritise cybersecurity considerations when drawing up their modernisation plans. Yet this is a key factor that must be taken into account when designing IT/OT projects, in order to ensure optimum process security. This is also being factored into all acquisition projects and across all sites, in France and abroad. And the sovereignty of cybersecurity solutions has an important role to play in these considerations.
Trust: the first criterion when selecting your cybersecurity solutions
Above all else, choosing sovereign cybersecurity solutions means ensuring transparency and avoiding any risk that data could be exploited for malicious purposes. The aim in this case is to have access to well-controlled sovereign information, thus mitigating the risks of compromise and attacks by foreign bodies. This is the only way to ensure defence in depth with no weak links.
Such an approach is vitally important in order to avoid any risk of interference or industrial espionage – as recently seen with Chinese hacker group Winnti, which was cited in an investigation for having conducted a major espionage operation in the United States, Europe and Asia on behalf of the Chinese state.
Retaining digital independence is also the only way to enable a local, autonomous response with regard to production issues and critical activities when resolving cyber incidents; for example, with a view to minimising disruptions to production. European solutions are able to deliver this local response in terms of rapid technical support, assistance to local teams, incident response processes, etc.
And lastly, the choice of sovereign solutions also ensures native compliance with current regulations and standards. This translates into regulatory requirements for delivering secure access to information systems and operational systems (authentication, segmentation, data traceability, encryption, etc.).
In short, there is a need for more trusted European solutions. Especially since, given the proliferation of production sites all over the world, borders are no longer an issue when attacking a European industrial company.
Investing in European leaders in industrial cybersecurity: a responsible and socially aware approach
To enable industry to make the right choices, Europe's leading cybersecurity solution providers have several assets available to them as they seek to build a reliable, resilient environment. The first of these is to expand the locally available range of protection solutions, ensuring that end customers have the choice of a sovereign solution as a basic minimum. This goes hand in hand with the work of raising the awareness of industrial manufacturers in implementing sovereign security components into the design of their products.
More generally, it is important to support start-ups and the cyber sector via national organisations, investment in the local cyber economy via dedicated funds, and education. These are the conditions for ensuring that companies establish bases in France and in Europe and then stay there, and also for maintaining and developing European expertise.
With the involvement of the entire ecosystem and effective cooperation between European players, it will be possible to increase sovereign control in the industry, while at the same time ensuring the optimal protection of our economy, citizens and environment.