Cybersecurity of industrial systems
In the face of the cyber threat, protect your production tool!
SERMA Safety and Security has developed the “CERMA” (Cybersecurity Evaluation and Risk MAnagement) methodology to assist manufacturers in setting up the technical and organisational security levels necessary to face potential cyber attacks.
1/ Inventory of existing installations
- “Maturity” diagnostic (flash or detailed version) to assess strengths and actions to be taken in the short, medium and long term, including mapping of assets against digital security standards and best practice.
- “Compliance” audit to assess the requirements of IEC 62443, NIST SP800-82/SP800-53 or other customer-specific standards.
2/ Risk analysis
- Industrial cyber risk analysis based on EBIOS Risk Manager and the recommendations of the IEC 62443 standard, integrating the specificities of IEC 62443, in particular the zone and conduit approach.
3/ Proposals for organisational and technical security measures
- Architecture definition (defence in depth approach)
- Proposal of security measures (organisational and technical)
- Removable media decontamination and data transfer
- Security supervision
4/ Support for the implementation of cybersecurity measures
- Assistance in drafting a call for tenders or support in responding to calls for tenders
- Implementation of processes and documentation aimed at raising the level of security, including crisis management (incident, business continuity, etc.) in the event of a cyber attack
- Design of architectures and deployment of solutions in the customer context following good security practices
- Technical documentation: DAT, DI, DR, DEX
- Management, deployment, migration and production start-up
- Support, Maintenance, Technical Support Contract (CAST)
- Setting up a SOC (Security Operations Centre)
- Supplier audit, support and monitoring (ISO/IEC)
- Technology monitoring