Cercle Européen de la Sécurité et des Systèmes d'Informations

From a grasp of cyber risks to resilience: supply chain 4.0 issues


Dinner-Debate of 4 February 2016: Minutes 

Debate with: 

Philippe Laflandre, VP Head of Consulting & Public Affairs, Airbus Defence & Space Cybersecurity
Jean-Christophe Mathieu, Product and Solution Security Officer, Division Digital Factory, Siemens
Adoté Chilloh, CISO and Computer Production Manager at Bibliothèque Nationale de France
Pierre Maillet, Industrial and Supply Chain Director at SNCF Réseaux

Moderator: Alain Establier, Chief Editor of SECURITY DEFENSE Business Review

In his introduction, Alain Establier reminded participants that the concept of Industry 4.0 was first introduced at the Hanover Fair in 2011. This was a new way of organising production resources with the aim of setting up "smart factories" capable of greater adaptability in production and a more efficient allocation of resources. In this context, CISOs, CIOs and CDOs are expected to protect the security of their IS in an environment based on the Internet of Things and on factories connected to the internet, with all the dangers that entails (Stuxnet, power outage in part of Ukraine on 23 December 2015, etc.). Le Cercle invited a brilliant panel of professionals to share their experiences.

Philippe Laflandre, VP Head of Consulting & Public Affairs, Airbus Defence and Space Cybersecurity, reviewed the status of the threat (intense, multiple and multifaceted) facing the industrial fabric and insisted on just how unprepared most supply chain players are to face this menace. For example, at the Hanover Fair in 2011, not one exhibitor represented security, which illustrates well how far behind the sector is. As an example, he presented "BoostAeroSpace", the European digital aeronautic platform created in 2009 by Airbus, Dassault Aviation, Safran and Thales.

Jean-Christophe Mathieu, Product and Solution Security Officer, Division Digital Factory, Siemens, shared his long experience as an automation engineer, reviewing the risks related to the lack of functional security in automated equipment. Acknowledging that process and business project leaders do not have the vast IT experience of CISOs, he highlighted ANSSI's work in bringing specialists like him and IT specialists together. He wants this movement to be expanded to include industrial systems integrators and installers, and to develop collaborative training, because the gap between automation players and network administrators is simply too wide.

Adoté Chilloh, member of CESIN, both CISO and Computer Production Manager at Bibliothèque Nationale de France, enlightened us on digitisation and archiving at the French National Library (BNF). It isn't a factory, though it resembles one, with trolleys transporting books being controlled by a data centre. Over ten years ago, BNF used digitisation to store its data, and he insisted on its resilience against internal incidents and external attacks: data needs to be protected in a secure environment.

Pierre Maillet, Industrial and Supply Chain Director at SNCF Réseaux, confirmed that while attacks are numerous, IS attacks had never caused any operational stoppages. On the other hand, equipment faults and internal causes do sometimes require operations to be shut down. To increase responsiveness, he asked IS managers for greater flexibility, teamwork and attention to the ability to bounce back while maintaining the level of security: necessary delegation, and agility with respect to centralised IS or IS that might appear too rigid to field teams. It is essential to avoid holding innovation back.

The conclusion summarises what our speakers would like to set up: compare risks to the cost of resilience, never forget pragmatism and realism, and train and prepare teams of operators in reasonable resilience.
