{"id":12373,"date":"2019-12-18T15:11:04","date_gmt":"2019-12-18T14:11:04","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=12373"},"modified":"2019-12-31T09:06:13","modified_gmt":"2019-12-31T08:06:13","slug":"cybersecurite-si-industriels-3-3","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2019\/12\/cybersecurite-si-industriels-3-3\/","title":{"rendered":"Saga (3\/3) &#8211; Lessons learned and good practices for protecting Industrial IS and keeping them in a secure condition"},"content":{"rendered":"<p><em>In the previous articles, we looked at the solutions for starting to secure Industrial IS. Once this securing has been carried out, the systems must be kept in a secure condition, and means of detection must be put in place.<\/em><\/p>\n<h2>Covering risks over time<\/h2>\n<h3>Hardening equipment<\/h3>\n<p>In addition to a secure architecture and secure administration tooling, the security level of each piece of equipment should be raised by applying a strict-minimum principle. A generic <strong>hardening<\/strong> guide can be created and adapted to each technology identified during the mapping of the Industrial IS. 
This guide remedies part of the vulnerabilities present in configurations and systems.<\/p>\n<p>Using complementary solutions can also provide additional security:<\/p>\n<ul>\n<li><strong>Antivirus<\/strong> software, whether connected to the network or not (the latter implying manual updates), will protect industrial workstations against the most common viruses;<\/li>\n<li>Strict rules on the machines' <strong>local firewalls<\/strong> will prevent communications, and therefore intrusions, on unused ports, and filter the origin of flows according to the protocols used, making attack attempts easier to detect;<\/li>\n<li><strong>Local administrator account management solutions<\/strong> (for example LAPS for Windows) can, finally, manage the workstations' native administrator accounts in a centralized and individualized way.<\/li>\n<\/ul>\n<p>Sometimes, however, a piece of equipment can no longer be hardened because it is too old. It is then necessary to work with the Business on <strong>obsolescence management<\/strong> for the equipment, on its possible replacement and, as a last resort, on the ability to isolate it from the rest of the IS. On old workstations, <strong>configuration lockdown tools<\/strong> can also restrict the installation and use of components to only those that are necessary.<\/p>\n<p>It is important to remember that the Industrial IS suffers from certain vulnerabilities, but is above all the Business's production tool. 
Dialogue with these teams is therefore essential to understanding how they use it, so that these vulnerabilities can be resolved while limiting the consequences for the business as much as possible.<\/p>\n<h3>Maintaining security over time<\/h3>\n<p>Once the equipment reaches the right security level, that level has to be maintained over time. <strong>Different scenarios for managing security fixes, or \"patches\",<\/strong> can be defined so that they also meet the Business's needs (availability, integrity) and are synchronized with industrial maintenance:<\/p>\n<ol>\n<li><strong>Integration into nominal operating processes<\/strong> (for example: an installation's qualification \/ quality processes may require equipment to be up to date). 
Updating and administering equipment will thus take advantage of industrial shutdowns, all the more so if re-certification is required.<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<figure id=\"post-12374 media-12374\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12374 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-1-1.png\" alt=\"\" width=\"1230\" height=\"737\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-1-1.png 1230w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-1-1-319x191.png 319w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-1-1-65x39.png 65w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-1-1-768x460.png 768w\" sizes=\"auto, (max-width: 1230px) 100vw, 1230px\" \/><\/figure>\n<p>&nbsp;<\/p>\n<ol start=\"2\">\n<li>Preparation of a <strong>\"hot\" update process<\/strong> for critical security flaws, and of a process for preventively isolating a production line until the industrial process can be interrupted;<\/li>\n<li><strong>Identification of redundant equipment<\/strong> or peripheral equipment on which an intervention is possible by simply informing the site managers.<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<figure id=\"post-12376 media-12376\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12376 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-2-1.png\" alt=\"\" width=\"1259\" height=\"768\" 
srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-2-1.png 1259w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-2-1-313x191.png 313w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-2-1-64x39.png 64w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-2-1-768x468.png 768w\" sizes=\"auto, (max-width: 1259px) 100vw, 1259px\" \/><\/figure>\n<p>&nbsp;<\/p>\n<p>To put these patch processes in place, the mapping carried out earlier must include a <strong>precise inventory of the equipment<\/strong> covering:<\/p>\n<ul>\n<li>The identification of the equipment, its type, location and number;<\/li>\n<li>The industrial processes it is used for and the associated criticality;<\/li>\n<li>The operating system \/ <em>firmware<\/em>, the tools and the configuration, with the deployed versions;<\/li>\n<li>The cybersecurity needs with regard to the supporting processes;<\/li>\n<li>The availability of redundancy, data buffering and cold spares;<\/li>\n<li>The required patch frequency and the patch history.<\/li>\n<\/ul>\n<p>Maintaining the security level does not rely solely on applying security patches to equipment. 
It is also necessary to:<\/p>\n<ul>\n<li>Define the process for <strong>updating the security solutions<\/strong> installed on equipment cut off from the network;<\/li>\n<li>Install <strong>cleaning solutions for removable media<\/strong>, which remain very common on industrial sites \u2013 some products have the advantage of being portable and can therefore scan the media while it is being carried within the industrial site;<\/li>\n<li>Ensure <strong>configuration backups<\/strong> of the equipment and their <strong>integration into the DRP<\/strong> to guarantee a post-incident restart that meets availability needs;<\/li>\n<li>Set up <strong>Industrial IAM<a href=\"#_ftn1\" name=\"_ftnref1\">[1]<\/a> monitoring<\/strong> to have robust physical and logical access control. This will also make it possible to automate many tedious account review tasks that are sometimes still done by hand.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Detecting cybersecurity incidents<\/h2>\n<p>The measures described above reduce the likelihood of risks occurring and therefore increase the availability of equipment for the Business. 
It is nevertheless necessary to prepare for the worst and to have the tools needed to <strong>detect an incident<\/strong> so that it can be remediated as quickly as possible and downtime kept to a minimum.<\/p>\n<h3>Setting up detection<\/h3>\n<p>The first step is to enable the IDPS<a href=\"#_ftn2\" name=\"_ftnref2\">[2]<\/a> functions on network equipment to provide <strong>a first stage of detection and, potentially, automatic blocking<\/strong>.<\/p>\n<p>The next step is to ensure <strong>information collection<\/strong> by deploying a concentrator on site. Logs from network equipment and servers can then be sent to existing or dedicated SIEMs<a href=\"#_ftn3\" name=\"_ftnref3\">[3]<\/a>, in which <strong>correlation and detection<\/strong> will take place. 
SOCs<a href=\"#_ftn4\" name=\"_ftnref4\">[4]<\/a> and CERTs<a href=\"#_ftn5\" name=\"_ftnref5\">[5]<\/a> can then carry out analysis, detection and, where applicable, incident response operations based on classic scenarios.<\/p>\n<p>&nbsp;<\/p>\n<figure id=\"post-12378 media-12378\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12378 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-3-1.png\" alt=\"\" width=\"1250\" height=\"306\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-3-1.png 1250w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-3-1-437x107.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-3-1-71x17.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-3-1-768x188.png 768w\" sizes=\"auto, (max-width: 1250px) 100vw, 1250px\" \/><\/figure>\n<p>&nbsp;<\/p>\n<h3>Anticipating specific risks<\/h3>\n<p>However, detection based on classic scenarios will bring only little value to the business. Taking all sources into account (PC, Linux, UNIX\u2026) and <strong>deploying probes dedicated to Industrial IS<\/strong> that can interface with SCADA systems can improve the detection system. 
These solutions can, however, prove costly.<\/p>\n<p>The key here will be to ensure that the SOC grows in maturity and value incrementally and quickly.<\/p>\n<p>&nbsp;<\/p>\n<figure id=\"post-12380 media-12380\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12380 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-4-1.png\" alt=\"\" width=\"1247\" height=\"600\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-4-1.png 1247w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-4-1-397x191.png 397w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-4-1-71x34.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Tableau-4-1-768x370.png 768w\" sizes=\"auto, (max-width: 1247px) 100vw, 1247px\" \/><\/figure>\n<p>&nbsp;<\/p>\n<h3>Preparing for remediation<\/h3>\n<p>Finally, detecting an incident can only lead to effective remediation if the Business is involved. As with equipment updates, the <strong>emergency shutdown procedures<\/strong> should therefore be reviewed with the users of the Industrial IS. 
Formalizing an <strong>Incident Response Plan<\/strong> makes it possible to plan the actions to take in the event of an industrial cyber incident.<\/p>\n<p><strong>Crisis management exercises dedicated to the Industrial IS<\/strong> must also be carried out to ensure that teams are as well prepared as possible and to highlight any gaps.<\/p>\n<p>&nbsp;<\/p>\n<h2>A progressive and participative approach will ensure the success of the initiative<\/h2>\n<p>Bringing an Industrial IS to a secure condition is a complex undertaking that can only be done with the Business. It is therefore advisable to work with it progressively and participatively on each of the following workstreams:<\/p>\n<ul>\n<li><strong>Get to know your Industrial IS<\/strong> by mapping it, prioritizing the most critical elements;<\/li>\n<li><strong>Mitigate the risks on the Industrial IS<\/strong> by implementing state-of-the-art secure network architecture and defining the administration processes \u2013 Safety IS, because of their criticality, will need particular attention;<\/li>\n<li><strong>Reach an adequate security level<\/strong> by hardening equipment and maintaining its security over time \u2013 discussions may in particular take place with equipment suppliers and manufacturers;<\/li>\n<li><strong>Put in place the tools needed to detect security incidents<\/strong>, which can affect production, and define the response processes.<\/li>\n<\/ul>\n<p>These actions cannot always all be carried out in parallel. 
<strong>Defining a clear roadmap<\/strong> will make it possible to prioritize the various actions in order to control costs and maximize the benefit for the Business.<\/p>\n<p>Although this vast undertaking is often initiated centrally, the challenge remains to bring the sites on board, sometimes spread all over the world, to ensure lasting security over time. We generally observe a two-stage approach:<\/p>\n<ol>\n<li>A <strong>multi-year cybersecurity program<\/strong> (often 3 years) with a budget of 10 to 15 million euros, aiming to:<\/li>\n<\/ol>\n<ul>\n<li>Carry out the inventory of Industrial IS;<\/li>\n<li>Raise the security level of the existing estate by putting in place protections, often perimeter and filtering protections, and by remediating the most critical vulnerabilities \u2013 defining procedures is necessary here;<\/li>\n<li>Bring out a first network of local cybersecurity coordinators;<\/li>\n<\/ul>\n<ol start=\"2\">\n<li>The creation of an <strong>industrial cybersecurity function<\/strong> and <strong>the associated governance<\/strong>, bringing together:<\/li>\n<\/ol>\n<ul>\n<li>The framing of the key activities to be managed by local actors;<\/li>\n<li>The participative construction of tools to help this network of local managers operate cybersecurity activities in terms of content;<\/li>\n<li>The construction of the means for steering the rise in maturity and for change management (maturity matrices, per-site budget modelling tools, definition of steering indicators, central services that sites can consume\u2026).<\/li>\n<\/ul>\n<p>Setting up the governance can start after the program and thus take advantage of the first network of cybersecurity-aware correspondents built by the program.<\/p>\n<p>Once it is built, it then has to be run, steering the progress of sites and industrial systems in terms of both security level and maturity level.<\/p>\n<p>This generally involves:<\/p>\n<ul>\n<li>A network of local cybersecurity managers of 0.5 to 2 FTE<a href=\"#_ftn6\" name=\"_ftnref6\">[6]<\/a> per site, in charge of carrying out projects, implementing recurring cybersecurity activities, continuously improving security and reporting;<\/li>\n<li>A central team of 3 to 10 FTE steering globally and supporting the local managers, particularly in terms of expertise.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><a href=\"#_ftnref1\" name=\"_ftn1\">[1]<\/a> IAM i.e. <em>Identity and Access Management<\/em>.<\/p>\n<p><a href=\"#_ftnref2\" name=\"_ftn2\">[2]<\/a> IDPS i.e. <em>Intrusion Detection and Prevention Systems<\/em>.<\/p>\n<p><a href=\"#_ftnref3\" name=\"_ftn3\">[3]<\/a> SIEM i.e. <em>Security Information and Event Management<\/em>.<\/p>\n<p><a href=\"#_ftnref4\" name=\"_ftn4\">[4]<\/a> SOC i.e. <em>Security Operation Center<\/em>.<\/p>\n<p><a href=\"#_ftnref5\" name=\"_ftn5\">[5]<\/a> CERT i.e. 
Computer Emergency Response Team.<\/p>\n<p><a href=\"#_ftnref6\" name=\"_ftn6\">[6]<\/a> These figures can vary significantly depending on the size of the company and the number of local sites; this is an average observed in the large international organizations that Wavestone supports.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the previous articles, we looked at the solutions for starting to secure Industrial IS. Once this securing has been carried out, the systems must be kept in a secure condition, and means of&#8230;<\/p>\n","protected":false},"author":161,"featured_media":12318,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3227],"tags":[2470,2885,3300,3269,926,1260,146],"coauthors":[1076,3253],"class_list":["post-12373","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-manufacturing-industry-4-0","tag-cyberresilience","tag-detection","tag-manuf-industry-4-0","tag-remediation","tag-scada","tag-si-industriel","tag-systeme-dinformation"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Maintenir en condition de s\u00e9curit\u00e9 des SI Industriels (3\/3) - Risk Insight<\/title>\n<meta name=\"description\" content=\"Une fois la s\u00e9curisation des SI Industriels r\u00e9alis\u00e9e, le maintien en conditions de s\u00e9curit\u00e9 doit \u00eatre assur\u00e9 et des moyens de d\u00e9tection mis en place.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Maintenir en condition de s\u00e9curit\u00e9 des SI Industriels (3\/3) - Risk Insight\" \/>\n<meta property=\"og:description\" content=\"Une fois la s\u00e9curisation des SI Industriels r\u00e9alis\u00e9e, le maintien en conditions de s\u00e9curit\u00e9 doit \u00eatre assur\u00e9 et des moyens de d\u00e9tection mis en place.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2019-12-18T14:11:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T08:06:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Fotolia_51465744_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1378\" \/>\n\t<meta property=\"og:image:height\" content=\"1378\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ali Fawaz, Benoit Bouffard\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ali Fawaz, Benoit Bouffard\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/\"},\"author\":{\"name\":\"Ali Fawaz\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/603e270f2a43f0064352928ef7718f88\"},\"headline\":\"Saga (3\/3) &#8211; Retours d&#8217;exp\u00e9rience et bonnes pratiques pour prot\u00e9ger et maintenir en condition de s\u00e9curit\u00e9 des SI Industriels\",\"datePublished\":\"2019-12-18T14:11:04+00:00\",\"dateModified\":\"2019-12-31T08:06:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/\"},\"wordCount\":1942,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Fotolia_51465744_Subscription_Monthly_M.jpg\",\"keywords\":[\"cyberresilience\",\"d\u00e9tection\",\"manuf &amp; industry 4.0\",\"rem\u00e9diation\",\"SCADA\",\"SI industriel\",\"syst\u00e8me d'information\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Manufacturing &amp; Industry 4.0\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/\",\"name\":\"Maintenir en condition de s\u00e9curit\u00e9 des SI Industriels (3\/3) - Risk 
Insight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Fotolia_51465744_Subscription_Monthly_M.jpg\",\"datePublished\":\"2019-12-18T14:11:04+00:00\",\"dateModified\":\"2019-12-31T08:06:13+00:00\",\"description\":\"Une fois la s\u00e9curisation des SI Industriels r\u00e9alis\u00e9e, le maintien en conditions de s\u00e9curit\u00e9 doit \u00eatre assur\u00e9 et des moyens de d\u00e9tection mis en place.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Fotolia_51465744_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Fotolia_51465744_Subscription_Monthly_M.jpg\",\"width\":1378,\"height\":1378},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Saga (3\/3) &#8211; Retours d&rsquo;exp\u00e9rience et bonnes pratiques pour prot\u00e9ger et maintenir en 
condition de s\u00e9curit\u00e9 des SI Industriels\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/603e270f2a43f0064352928ef7718f88\",\"name\":\"Ali Fawaz\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/ali-fawaz\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Maintenir en condition de s\u00e9curit\u00e9 des SI Industriels (3\/3) - Risk Insight","description":"Une fois la s\u00e9curisation des SI Industriels r\u00e9alis\u00e9e, le maintien en conditions de s\u00e9curit\u00e9 doit \u00eatre assur\u00e9 et des moyens de d\u00e9tection mis en place.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/","og_locale":"en_US","og_type":"article","og_title":"Maintenir en condition de s\u00e9curit\u00e9 des SI Industriels (3\/3) - Risk Insight","og_description":"Une fois la s\u00e9curisation des SI Industriels r\u00e9alis\u00e9e, le maintien en conditions de s\u00e9curit\u00e9 doit \u00eatre assur\u00e9 et des moyens de d\u00e9tection mis en place.","og_url":"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/","og_site_name":"RiskInsight","article_published_time":"2019-12-18T14:11:04+00:00","article_modified_time":"2019-12-31T08:06:13+00:00","og_image":[{"width":1378,"height":1378,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Fotolia_51465744_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"Ali Fawaz, Benoit Bouffard","twitter_misc":{"Written by":"Ali Fawaz, Benoit Bouffard","Est. 
reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/"},"author":{"name":"Ali Fawaz","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/603e270f2a43f0064352928ef7718f88"},"headline":"Saga (3\/3) &#8211; Retours d&#8217;exp\u00e9rience et bonnes pratiques pour prot\u00e9ger et maintenir en condition de s\u00e9curit\u00e9 des SI Industriels","datePublished":"2019-12-18T14:11:04+00:00","dateModified":"2019-12-31T08:06:13+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/"},"wordCount":1942,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Fotolia_51465744_Subscription_Monthly_M.jpg","keywords":["cyberresilience","d\u00e9tection","manuf &amp; industry 4.0","rem\u00e9diation","SCADA","SI industriel","syst\u00e8me d'information"],"articleSection":["Cybersecurity &amp; Digital Trust","Manufacturing &amp; Industry 4.0"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/","url":"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/","name":"Maintenir en condition de s\u00e9curit\u00e9 des SI Industriels (3\/3) - Risk 
Insight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Fotolia_51465744_Subscription_Monthly_M.jpg","datePublished":"2019-12-18T14:11:04+00:00","dateModified":"2019-12-31T08:06:13+00:00","description":"Une fois la s\u00e9curisation des SI Industriels r\u00e9alis\u00e9e, le maintien en conditions de s\u00e9curit\u00e9 doit \u00eatre assur\u00e9 et des moyens de d\u00e9tection mis en place.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Fotolia_51465744_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/12\/Fotolia_51465744_Subscription_Monthly_M.jpg","width":1378,"height":1378},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/12\/cybersecurite-si-industriels-3-3\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Saga (3\/3) &#8211; Retours d&rsquo;exp\u00e9rience et bonnes pratiques pour prot\u00e9ger et maintenir en condition de s\u00e9curit\u00e9 des SI 
Industriels"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/603e270f2a43f0064352928ef7718f88","name":"Ali 
Fawaz","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/ali-fawaz\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/12373","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/161"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=12373"}],"version-history":[{"count":6,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/12373\/revisions"}],"predecessor-version":[{"id":12496,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/12373\/revisions\/12496"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/12318"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=12373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=12373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=12373"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=12373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}