Wonder how to protect live industrial control systems? Have a project to design and build a new facility relying on control systems?

1. RISK &SECURITY
Industrial cyber security
• Evaluate your industrial control system (ICS) exposure to cyber attacks and its consequences
OUR VISION
> 7 fundamentals for securing industrial control systems
Industrial systems, due to rising interconnection and standardization, become more exposed to cyberattacks
leading to potentially disastrous consequences affecting safety, production and environment.
With our offer, you will identify your systems’ vulnerabilities, categorize them according to operational impact,
and select the security measures adapted to your industry.
REMOTE
MAINTENANCE
ENHANCED
CONTROL
> Cyber security risk management during engineering, construction and operation
Risk analysis, risk governance and cyber security policies for ICS and production line components, security
specifications and whitelists, project and operations team training to IS, network and cyber security
> Vendor, EPC, and industrial control systems audits
Cyber security audit/FAT/SAT, attack simulation on programmable logic controllers, and post-incident
analysis
> Cyber security assistance for large industrial programs
Integration of cyber security in complex industrial programs using consistent risk monitoring, design of
specialized security solutions, and implementation of security requirements
OUR BELIEFS
Multiplication of external factors and adoption of new technologies amplify exposure of Industrial
information systems to threats.
Industrial information systems are based on an increasing number of equipment such as black
box” services, operating for several decades: typical security solutions must be adapted.
Availability and integrity of industrial processes are critical, particularly for safety functions which
need to be a priority.
HARDENING OF SYSTEMS AND
PROGRAMMABLE LOGIC CONTROLLERS
OPERATIONAL SECURITY
MANAGEMENT
RESTRICTION OF OPERATOR,
ENGINEER AND MAINTENANCE
ACCESS RIGHTS
IEC 62443 LAYERS
SEGREGATION
ALIGNMENT WITH
PHYSICAL SECURITY
APPLICATION
WHITELISTING
OUR OFFER
ICSS
ICS SCADA
DCS
#
• Design innovative and reliable cyber security solutions with operation constraints
• Maintain a sustained security level on your industrial systems throughout a long lifecycle

2. RISK SECURITY # Industrial cyber security
YOUR STAKES OUR STRENGTHS
Manage your cyber security risks
• Personnel safety through vital equipment control
• Long term availability of critical systems
• Integrity of the control parameters of the industrial
process
• Virus attacks, safety functions failures and cyber hijacking
prevention
SECWAY BEIJAFLORE, one of a kind partnership
• Our offer combines both a solid and practical technical
expertise in SCADA / ICS and a recognized proficiency in the
design of risk management systems and efficient security
policies
• Our commitment to quality recognized through our ISO9001
certification on Industrial Cyber Security Services
SUCCESS STORIES
For a water treatment company (Operation phase)
Improvement of ICS reliability to ensure a sustainable service for
water transportation and treatment
Objectives
• Identify security measures to guarantee an acceptable risk level for
water transportation network monitoring system
• Backup site capacity assessment to ensure continuity in the event of
a main monitoring system failure
Achievements
• Identification of major business threats, classification of information
and resources in terms of Confidentiality, Integrity and Availability
• Execution of technical penetration tests
• Risk assessment for ICS security
• Definition of the associated 3 year risk reduction plan
Obtained gains
45main threats identified
Raised business and management awareness of industrial system
security risks
Risk reduction plan endorsed by top management
Paris office and headquarters
Pavillon Bourdan
11-13 avenue du Recteur Poincaré
75016 Paris
Tel. no: +33 1 44 30 90 00
Maxime de Jabrun
Vice President|Head of Risk Security
11-13 avenue du Recteur Poincaré
75016 Paris
Tel. no: +33 1 44 30 91 95
mdejabrun410@beijaflore.com
Manage Industrial systems specificities and constraints
• Addressing the gap between the long industrial lifecycle
and rapid evolution of IS technologies
• Industrial IS hastily adopting new technologies and
interconnecting with enterprise networks
A community of experts
• Our RD center provides a practical and up-to-date knowledge
of the main standards: IEC 62443 (ISA99), NIST SP 800-
32/39/82, ISO27001/2/5, ISO15408, ISO61508, WIB, ISF SoGP
and ISF IRAM
Ensure global protection consistency
• Consistency of the cyber security and safety approaches
•Management of industrial projects complexity and
supplier subcontractor diversity
ICS environment expertise
• Our experience in cyber security of Control Systems is based
on a hundred audits of system from the main providers around
the world
• Our in-depth knowledge of industrial systems and solutions
allows us to bring applicable solutions to industrial IS
minimizing operations impacts
For a major OG company (Project)
Definition of cyber security specifications
Implementation management and audit of 83 suppliers of the
industrial system for a major platform (several billion US$)
Objectives
• Strengthen project cyber security related to economic and safety
issues
• Educate users, protect systems against virus attacks and optimize
procedures
Achievements
• Design of the body of cyber security policies, procedures and
hardening guidelines for industrial control and safety systems
• Audit of various offshore and onshore facilities at different stages
of the project ( 2000 devices)
• Management and control of cyber security of all suppliers systems
from design phase to commissioning at site
• Identification, assessment and monitoring of cyber security risks
for the whole industrial system ( 4200 risks amongst all systems)
Obtained gains
Highlighting of the vulnerabilities of industrial systems and design of
corrective and preventive action plans
Cyber security awareness of project’s stakeholders ( 100)
Decrease of industrial systems risks exposure following on site
recommendation
www.beijaflore.com • http://blogrisqueetsecurite.beijaflore.com