February 2021. Oldsmar, Florida, USA. A technician at a water treatment plant finds something peculiar when he arrives at his workstation one morning: his mouse cursor is moving around the screen with a mind of its own. All of a sudden, it clicks a control, increasing the concentration of sodium hydroxide in the water to dangerous levels. A hacker has breached the plant’s computer system.
This particular cyberattack was quickly brought under control, but news of the incident spread fear throughout the world. It laid bare the vulnerability of the industrial infrastructure that communities rely on and that is increasingly being targeted by hackers.
“We’ve been observing this phenomenon for around three years, and it affects all industrial systems,” confirms Jean-Marie Letort, Vice President, Cybersecurity Consulting and Operations at Thales. “Production lines are becoming more and more connected, which expands the attack surface of industrial systems and multiplies the number of potential vulnerabilities to cyberattacks.”
Teeming with sensors and more connected than ever, today's production lines generate a dizzying amount of data, which is analysed by algorithms to optimise industrial operations. These lines are getting smart, and the move promises to deliver substantial productivity gains for operators.
This is happening across all sectors of industry, from the automotive sector to food, energy, transport and telecommunications. But a dark shadow hangs over this dawning revolution.
When a cyberattack compromises an industrial system, it can halt production lines and disrupt railway signals, interrupt water or electricity supplies and cut off telephone or Internet services. Understandably, this can have a devastating effect on the continuity of critical activities and operations, compromising the safety of people and the security of their personal data, hitting the bottom lines of industrial operators and damaging their reputations.
In response to these very real risks, operators are coming to recognise the scale of the threat and investing to secure their industrial systems. As an industry leader and Europe's No. 1 player in cybersecurity, Thales has the proven expertise and experience needed to establish itself in this new market.
Audit, collect, analyse, supervise, strengthen
“Two years ago, our department set up a dedicated team to protect industrial systems from cyberthreats. We are recruiting cybersecurity experts and training them in Operational Technology (OT) and cyberthreat detection solutions specific to the world of industry — because industrial systems rely on skills and technologies that are not the same as those needed in information technology (IT),” explains Jean-Marie Letort.
This team has developed a solution that offers industrial operators maximum protection for their manufacturing lines. Designed to adapt to each operator's specific organisation and the level of maturity of their operational environments, the solution is deployed in four main stages:
- First, a complete audit is carried out to assess the vulnerability of the production systems and identify ways to overcome any shortcomings. During the audit, an inventory of operational systems is drawn up in a process known as “OT asset discovery”.
- Second, Thales uses specially designed OT sensors to pinpoint vulnerabilities and detect operational anomalies in the production processes.
- This data is then analysed using a set of algorithms included in the Cybels Analytics solution developed by Thales. This platform is able to detect even the subtlest and most complex cyberattacks, drawing on artificial intelligence, big data analytics and the platform’s own ever-expanding library of attack scenarios.
- Finally, Thales teams at our Security Operation Centres (SOCs) in five countries alternate shifts to supervise the security of customers' IT and industrial systems 24 hours per day, 7 days per week and 365 days per year. If an alert is triggered, the customer is informed in real time.
Industry serving industry
“We are already running our solutions on our own production lines,” says Jean-Marie Letort, “and our teams are fluent in the language of industry so they can communicate easily with production line managers.” And with its credentials as a leader in the rail, aerospace, defence and space markets, Thales offers its customers a decisive advantage over the competition. Thales cybersecurity solutions can be tailored to each specific context, and the ability to capitalise on the industry knowledge of thousands of employees working with customers in each sector is a major boon for the company's cybersecurity teams.
In September 2020, the industrial cybersecurity team set up the OT Convergence Centre to bring together all our OT expertise, grow our solutions portfolio and integrate and manage our research and development efforts.
“To deploy a Thales industrial cybersecurity solution is to gain access to a body of experience that spans six different sectors of activity and is tailored to each specific operational context,” says Jean-Marie Letort.
Thales typically assigns a two-person team to each customer — a cybersecurity specialist and a subject-matter expert from the corresponding sector — to appraise the risk of an attack and identify exactly how it would affect the customer's industrial systems.
For the last two years, Thales has put this methodology to the test with customers in each sector, and the results are quite conclusive. We have conducted a wide-ranging security audit on up to 100 facilities operated by a world leader in consumer goods, and rolled out regional teams in Europe, Asia, Australia, the Middle East and North and South America.
In the petrochemicals, logistics and healthcare sectors, Thales also provides integrated IT/OT supervision solutions for leading European operators needing to deploy detection and response capabilities on a global scale.
To further develop the ability of its solutions to adapt to different contexts, Thales is also expanding its partnerships with other industry players. We have signed a collaboration agreement with global electricity giant GE Steam Power, for example, to offer a series of cybersecurity solutions specifically tailored to the needs of conventional, nuclear and hydroelectric power plant operators.
As cyberattackers turn their attention to industrial systems and OT, Thales is structuring its response with efficiency, resolve and a lot of creative new ideas.
A dedicated laboratory for industrial technologies
The OT Convergence Centre includes a laboratory dedicated to industrial technologies, the National Digital Exploitation Centre (NDEC), jointly financed to the tune of £20m by Thales and the Welsh Government. The NDEC is a proving ground where Thales's cybersecurity experts and ethical hackers can develop advanced attack scenarios and test our partners’ industrial solutions. In the very near future, specialised training in OT cybersecurity will also be available.