{"id":12738,"date":"2020-03-02T18:37:56","date_gmt":"2020-03-02T17:37:56","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=12738"},"modified":"2020-03-02T18:37:56","modified_gmt":"2020-03-02T17:37:56","slug":"saga-3-3-protection-and-security-maintenance-of-industrial-iss","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/","title":{"rendered":"Saga (3\/3) \u2013 Feedback from the field and good practices for the protection and the security maintenance of industrial ISs"},"content":{"rendered":"<p><em>We have seen through the previous articles the solutions allowing to initiate the security of Industrial IS. Once this securing has been achieved, the maintenance in security conditions must be ensured as well as the implementation of detection means.<\/em><\/p>\n<h2>Managing risks in the long term<\/h2>\n<h3>Equipment hardening<\/h3>\n<p>In addition to secure architecture and administration tools, security levels for each item of equipment should be increased according to the strict necessity principle. A generic <strong>hardening<\/strong> guide can be created and then adapted to each of the technologies identified by the industrial IS mapping. This allows some of the vulnerabilities to be remedied at configuration and system levels.<\/p>\n<p>Additional security can be provided by adding complementary solutions, such as:<\/p>\n<ul>\n<li><strong>Antivirus software<\/strong>, which will cover industrial workstations against the most common viruses, whether connected to the network or not (although the latter will require manual updates);<\/li>\n<li>Implementing strict rules on <strong>local machine firewalls<\/strong>, which can be used to prevent communications, and therefore intrusions, on unused ports, and to filter the origin of flows according to the protocols used \u2013 which means attempted attacks can be more easily detected;<\/li>\n<li><strong>Local administrator account-management solutions<\/strong> (for example, LAPS for Windows) finally make it possible to manage native administrator accounts on workstations in a central and individualized way.<\/li>\n<\/ul>\n<p>However, sometimes it may no longer be possible to harden equipment due to obsolescence. In such cases, there is a need to work with the relevant business functions <strong>on obsolescence management<\/strong> of the equipment \u2013 its potential replacement and, as a last resort, options to isolate it from the rest of the IS. On obsolete workstations, <strong>configuration blockers<\/strong> can be used to ensure the installation and use of components is limited only to those that are strictly necessary.<\/p>\n<p>It\u2019s important to remember that, while industrial ISs have vulnerabilities, they are, above all, part of the company&#8217;s means of production. Dialog with the relevant teams is therefore essential in understanding how equipment is used \u2013 in order to resolve the vulnerabilities while limiting effects on the business as far as possible.<\/p>\n<h3>Security maintenance<\/h3>\n<p>Once equipment has been brought up to the right level of security, a plan will be needed to maintain this over time. <strong>A choice of options for managing security patches<\/strong> can be developed to meet the needs of the business (in terms of availability, integrity, etc.) and synchronized with the maintenance of the industrial equipment through:<\/p>\n<ol>\n<li><strong>Integration into standard operating processes;<\/strong> for example, an installation\u2019s qualification\/quality processes may require that equipment be up to date. The updating and administering of equipment can therefore take advantage of plant shutdowns, especially where recertification is needed.<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<figure id=\"post-12741 media-12741\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12741 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Image-1-2.png\" alt=\"\" width=\"1137\" height=\"655\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Image-1-2.png 1137w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Image-1-2-332x191.png 332w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Image-1-2-68x39.png 68w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Image-1-2-120x70.png 120w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Image-1-2-768x442.png 768w\" sizes=\"auto, (max-width: 1137px) 100vw, 1137px\" \/><\/figure>\n<p>&nbsp;<\/p>\n<ol start=\"2\">\n<li>Planning a <strong>\u201chot swap\u201d update process<\/strong> in the event of a critical security breach and a procedure for the preventive isolation of production lines \u2013 until it&#8217;s possible to interrupt the production process;<\/li>\n<li><strong>The identification of redundant<\/strong> or peripheral equipment where interventions can be carried out on the basis of straightforward interaction with production managers.<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<figure id=\"post-12759 media-12759\" class=\"align-none\"><\/figure>\n<figure id=\"post-12759 media-12759\" class=\"align-none\"><\/figure>\n<figure><\/figure>\n<figure><\/figure>\n<figure id=\"post-12767 media-12767\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-12767\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/03\/Image-2.1.png\" alt=\"\" width=\"1159\" height=\"660\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/03\/Image-2.1.png 1159w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/03\/Image-2.1-335x191.png 335w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/03\/Image-2.1-68x39.png 68w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/03\/Image-2.1-768x437.png 768w\" sizes=\"auto, (max-width: 1159px) 100vw, 1159px\" \/><\/figure>\n<p>&nbsp;<\/p>\n<p>To put in place these patching processes, the mapping carried out previously must have generated <strong>a precise equipment inventory<\/strong>, including:<\/p>\n<ul>\n<li>The identification of the equipment: type, location, and number of units;<\/li>\n<li>The industrial processes that each item of equipment is used for, and the associated criticality;<\/li>\n<li>The version of the operating system and\/or firmware, and the tools and configurations deployed;<\/li>\n<li>The cybersecurity needs of supported processes;<\/li>\n<li>The availability of redundancy, data buffering, and cold spares;<\/li>\n<li>The required patching frequency and patching history.<\/li>\n<\/ul>\n<p>But maintaining security levels isn\u2019t simply about applying patches to equipment, it should also:<\/p>\n<ul>\n<li>Define the process for updating the <strong>security solutions installed<\/strong> on equipment isolated from the network;<\/li>\n<li>Install <strong>removable media cleaning solutions<\/strong>, given that these types of tool remain in widespread use on industrial sites. Here, the use of portable solutions allows such media to be analyzed while moving around the site;<\/li>\n<li>Ensure the <strong>safeguarding of equipment configurations<\/strong> and their <strong>integration into the DRP<\/strong> in order to guarantee that equipment can be restarted following an incident while still meeting availability needs;<\/li>\n<li>Set up <strong>monitoring of the industrial IAM<a href=\"#_ftn1\" name=\"_ftnref1\">[1]<\/a><\/strong> to ensure robust physical and logical access control. This can also be used to automate a number of time-consuming activities that are still sometimes done manually.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Detecting cybersecurity incidents<\/h2>\n<p>The measures set out above help reduce the likelihood of risks occurring and increase the availability of equipment, which benefits the business. Nevertheless, there will still be a need to prepare for the worst and to have in place the tools needed <strong>to detect an incident<\/strong> \u2013 to be able to remedy such events as quickly as possible and minimize interruption times.<\/p>\n<h3>Putting in place detection<\/h3>\n<p>The first step is to activate the IDPS<a href=\"#_ftn2\" name=\"_ftnref2\">[2]<\/a> functions on networked equipment to ensure that a first stage of detection, and potentially automatic blocking, is in place.<\/p>\n<p>The next step is to collect information by deploying a concentrator on site. The network equipment and server logs can then be sent to existing or dedicated SIEMs<a href=\"#_ftn3\" name=\"_ftnref3\">[3]<\/a> where correlation and detection can take place. SOC<a href=\"#_ftn4\" name=\"_ftnref4\">[4]<\/a> and CERT<a href=\"#_ftn5\" name=\"_ftnref5\">[5]<\/a> teams can then carry out analysis and detection, and respond, if needed, to an incident, by working through standard scenarios.<\/p>\n<p>&nbsp;<\/p>\n<figure id=\"post-12769 media-12769\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12769 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/03\/Image-3.1.png\" alt=\"\" width=\"1152\" height=\"292\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/03\/Image-3.1.png 1152w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/03\/Image-3.1-437x111.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/03\/Image-3.1-71x18.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/03\/Image-3.1-768x195.png 768w\" sizes=\"auto, (max-width: 1152px) 100vw, 1152px\" \/><\/figure>\n<p>&nbsp;<\/p>\n<h3>Anticipating specific risks<\/h3>\n<p>However, detection based on standard scenarios may offer only limited value to the business functions. Considering the entirety of sources (PC, Linux, UNIX, etc.) and setting up dedicated industrial IS probes, capable of interfacing with the SCADA systems, can enhance the detection system. Such solutions, however, can be costly.<\/p>\n<p>The key factor is to ensure a progressive and rapid increase in the maturity and value added by the SOC. Agile methods are a good fit here and involve the iterative application of the cycle described in the text box below.<\/p>\n<p>&nbsp;<\/p>\n<figure id=\"post-12771 media-12771\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-12771\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/03\/Image-4.1.png\" alt=\"\" width=\"1149\" height=\"553\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/03\/Image-4.1.png 1149w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/03\/Image-4.1-397x191.png 397w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/03\/Image-4.1-71x34.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/03\/Image-4.1-768x370.png 768w\" sizes=\"auto, (max-width: 1149px) 100vw, 1149px\" \/><\/figure>\n<p>&nbsp;<\/p>\n<h3>Planning for remedial activities<\/h3>\n<p>Lastly, detecting an incident will only result in effective remediation if the business-function teams are involved. As with equipment updates, <strong>emergency stop procedures<\/strong> should be reviewed jointly with industrial IS users. A formal <strong>Incident Response Plan<\/strong> enables the actions for an industrial cyber-incident to be planned.<\/p>\n<p><strong>Dedicated industrial IS crisis-management exercises<\/strong> should also be carried out to ensure that teams are optimally prepared and to highlight any shortcomings.<\/p>\n<p>&nbsp;<\/p>\n<h2>Taking a progressive and participative approach guarantees an initiative&#8217;s success<\/h2>\n<p>The security maintenance of an industrial IS is a complicated undertaking that can only be successful if it is carried out in partnership with the business functions. A progressive and participative approach should be taken to work with them in each of the following areas:<\/p>\n<ul>\n<li><strong>Understanding the industrial IS<\/strong>, by mapping and prioritizing the most critical elements;<\/li>\n<li><strong>Mitigating the risks on the industrial IS<\/strong>, by implementing state-of-the-art secure network architecture and defining the administration processes \u2013 due to their criticality, safety ISs must be given particular attention;<\/li>\n<li><strong>Ensuring an adequate level of safety<\/strong>, by hardening and ongoing security maintenance \u2013 in particular, this will involve discussions with equipment suppliers and manufacturers;<\/li>\n<li><strong>Putting in place the tools needed to detect security incidents<\/strong> \u2013 these can have a bearing on production and define the response processes.<\/li>\n<\/ul>\n<p>The actions above can\u2019t always be carried out in parallel. <strong>Defining a clear roadmap<\/strong> will enable such actions to be prioritized. This will aid cost control and maximize the value added for the business functions.<\/p>\n<p>Given that such significant undertakings are often driven centrally, the challenge is to engage the individual industrial sites (which may be spread across the world) to ensure security levels can be maintained in the long term. In general, we observe that companies take a two-stage approach:<\/p>\n<ol>\n<li><strong>A multiyear cybersecurity program<\/strong> (typically carried out over three years), with a budget of \u20ac10m-15m, aimed at:\n<ul>\n<li>Creating the industrial IS inventory<\/li>\n<li>Raising the security levels of existing assets by putting in place protective measures, often involving separation and filtering, and remedying the most critical vulnerabilities \u2013 here, defining procedures is essential;<\/li>\n<li>Putting in place an initial network of local cybersecurity coordinators;<\/li>\n<\/ul>\n<\/li>\n<li>Create <strong>an industrial cybersecurity team<\/strong> and its <strong>associated management structures<\/strong> that bring together:\n<ul>\n<li>A framework of key activities that local players will need to manage;<\/li>\n<li>The participative construction of the tools that will help this network of local managers carry out their cybersecurity activities;<\/li>\n<li>The development of approaches to manage the increase in security maturity levels and change (such as maturity matrices, site-level budget-modeling tools, the definition of steering indicators, central services that the sites can draw on, etc.).<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>Implementing the management processes can start immediately after the program and therefore benefit from the initial network of site-level cybersecurity coordinators put in place.<\/p>\n<p>Once constructed, it becomes a question of energizing the initiative and steering progress on the sites and industrial ISs, in terms of both security and maturity levels.<\/p>\n<p>Doing this typically involves:<\/p>\n<ul>\n<li>A network of local cybersecurity coordinators, of size 0.5 to 2 FTEs<a href=\"#_ftn6\" name=\"_ftnref6\">[6]<\/a> per site, who are responsible for carrying out projects, implementing ongoing cybersecurity activities, continuous security improvements, and reporting;<\/li>\n<li>A central team of 3 to 10 FTEs, to provide overall steering and support local managers \u2013 especially in terms of expertise.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><a href=\"#_ftnref1\" name=\"_ftn1\">[1]<\/a> IAM i.e. <em>Identity and Access Management<\/em>.<\/p>\n<p><a href=\"#_ftnref2\" name=\"_ftn2\">[2]<\/a> IDPS i.e. <em>Introduction Detection and Prevention Systems<\/em>.<\/p>\n<p><a href=\"#_ftnref3\" name=\"_ftn3\">[3]<\/a> SIEM i.e. <em>Security Incident and Event Management<\/em>.<\/p>\n<p><a href=\"#_ftnref4\" name=\"_ftn4\">[4]<\/a> SOC i.e. <em>Security Operation Center<\/em>.<\/p>\n<p><a href=\"#_ftnref5\" name=\"_ftn5\">[5]<\/a> CERT i.e. Computer Emergency Response Team.<\/p>\n<p><a href=\"#_ftnref6\" name=\"_ftn6\">[6]<\/a> These figures can vary significantly depending on the size and number of local sites; they are the typical arrangements we observe in the large international organizations that Wavestone supports<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have seen through the previous articles the solutions allowing to initiate the security of Industrial IS. Once this securing has been achieved, the maintenance in security conditions must be ensured as well as the implementation of detection means. Managing&#8230;<\/p>\n","protected":false},"author":161,"featured_media":12744,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2777,3274],"tags":[2772,3468,3401,3466,2828,3469,2796,3467],"coauthors":[1076,3253],"class_list":["post-12738","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-manufacturing-industry-4-0-en","tag-cybersecurity","tag-incidents-en","tag-industrial-is","tag-industry","tag-information-system","tag-planning-en","tag-risk","tag-scada-en"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SAGA (3\/3) \u2013 Protection and Security Maintenance of Industrial IS<\/title>\n<meta name=\"description\" content=\"Once securing Industrial IS has been achieved, the maintenance in security conditions must be ensured as well as the implementation of detection means.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAGA (3\/3) \u2013 Protection and Security Maintenance of Industrial IS\" \/>\n<meta property=\"og:description\" content=\"Once securing Industrial IS has been achieved, the maintenance in security conditions must be ensured as well as the implementation of detection means.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-02T17:37:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1378\" \/>\n\t<meta property=\"og:image:height\" content=\"1378\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ali Fawaz, Benoit Bouffard\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ali Fawaz, Benoit Bouffard\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/\"},\"author\":{\"name\":\"Ali Fawaz\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/603e270f2a43f0064352928ef7718f88\"},\"headline\":\"Saga (3\/3) \u2013 Feedback from the field and good practices for the protection and the security maintenance of industrial ISs\",\"datePublished\":\"2020-03-02T17:37:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/\"},\"wordCount\":1581,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg\",\"keywords\":[\"cybersecurity\",\"incidents\",\"industrial IS\",\"Industry\",\"information system\",\"planning\",\"risk\",\"SCADA\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Manufacturing &amp; Industry 4.0\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/\",\"name\":\"SAGA (3\/3) \u2013 Protection and Security Maintenance of Industrial IS\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg\",\"datePublished\":\"2020-03-02T17:37:56+00:00\",\"description\":\"Once securing Industrial IS has been achieved, the maintenance in security conditions must be ensured as well as the implementation of detection means.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg\",\"width\":1378,\"height\":1378},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Saga (3\/3) \u2013 Feedback from the field and good practices for the protection and the security maintenance of industrial ISs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/603e270f2a43f0064352928ef7718f88\",\"name\":\"Ali Fawaz\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/ali-fawaz\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SAGA (3\/3) \u2013 Protection and Security Maintenance of Industrial IS","description":"Once securing Industrial IS has been achieved, the maintenance in security conditions must be ensured as well as the implementation of detection means.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/","og_locale":"en_US","og_type":"article","og_title":"SAGA (3\/3) \u2013 Protection and Security Maintenance of Industrial IS","og_description":"Once securing Industrial IS has been achieved, the maintenance in security conditions must be ensured as well as the implementation of detection means.","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/","og_site_name":"RiskInsight","article_published_time":"2020-03-02T17:37:56+00:00","og_image":[{"width":1378,"height":1378,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"Ali Fawaz, Benoit Bouffard","twitter_misc":{"Written by":"Ali Fawaz, Benoit Bouffard","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/"},"author":{"name":"Ali Fawaz","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/603e270f2a43f0064352928ef7718f88"},"headline":"Saga (3\/3) \u2013 Feedback from the field and good practices for the protection and the security maintenance of industrial ISs","datePublished":"2020-03-02T17:37:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/"},"wordCount":1581,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg","keywords":["cybersecurity","incidents","industrial IS","Industry","information system","planning","risk","SCADA"],"articleSection":["Cybersecurity &amp; Digital Trust","Manufacturing &amp; Industry 4.0"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/","name":"SAGA (3\/3) \u2013 Protection and Security Maintenance of Industrial IS","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg","datePublished":"2020-03-02T17:37:56+00:00","description":"Once securing Industrial IS has been achieved, the maintenance in security conditions must be ensured as well as the implementation of detection means.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2020\/02\/Fotolia_51465744_Subscription_Monthly_M.jpg","width":1378,"height":1378},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2020\/03\/saga-3-3-protection-and-security-maintenance-of-industrial-iss\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Saga (3\/3) \u2013 Feedback from the field and good practices for the protection and the security maintenance of industrial ISs"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/603e270f2a43f0064352928ef7718f88","name":"Ali Fawaz","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/ali-fawaz\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/12738","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/161"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=12738"}],"version-history":[{"count":13,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/12738\/revisions"}],"predecessor-version":[{"id":12775,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/12738\/revisions\/12775"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/12744"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=12738"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=12738"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=12738"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=12738"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}