Historically, Switzerland has distinguished itself from its neighbors by adopting a less stringent approach to information system security regulations. Preference has been given to subsidiarity, a legal principle whereby the Confederation does not legislate in areas where the Cantons can.…
This article is intended primarily for an informed public, mastering the use of cryptographic keys in an IS and their management in organizations. Increasing security requirements for both industrial environments and connected objects have led to a profusion of cryptographic…
IEC 62351 is an international cybersecurity standard for Smart Grid communication and control systems. Its aim is to help grid operators protect themselves against threats endangering this sector, while adapting the recommendations to the realities of the industrial world. In…
Introduction Industrial systems are a category of information systems of their own, with codes and properties that differ from "classic" IT systems. It is well known that the level of maturity of the industrial sector in terms of cybersecurity is…
During the Wavestone OT Cyber Day, Loïc Lebain and Benoit Bouffard conducted a workshop in which they noted that IT departments were still struggling to develop a catalogue of cybersecurity solutions for OT. Based on their experience with our customers,…
The industrial control system (ICS) is the set of resources and machines used to supervise and control an industrial process. This article looks at the security issues surrounding Windows devices of the ICS supervision and maintenance layer: SCADA servers and…
On a daily basis, stakeholders within construction handle a variety of data that may be of interest to malicious parties. They are subjected to the same types of malware attacks as players in other industries (e.g. theft, espionage, phishing, etc.).…
Intro The emergence of the Industry 4.0 is characterized by the digitization of industry and greater interconnection between the various machines that make up an industrial IS (Information System). However, this growth in communications within industrial Control Systems also…
If you work in cybersecurity, you have probably heard of the OWASP TOP 10: a standard awareness document that represents a broad consensus about the most critical security risks to web applications. However, in Industrial Control Systems, we never talk…
After s4x21 cancellation and s4x22 3 month delay due to COVID, S4 was finally back from April 19th to April 21st 2022! What is S4? A 3 day conference, dedicated to ICS cybersecurity, held in Miami South Beach and organized…
