We therefore highly recommend protecting the industrial network within the company or institution by means of the uni-directional firewall ARCHANGEL OW© or ARCHANGEL© as the case may be and, within the same network, to protect each connection between installations by means of SST©.
We also advise not to connect a class 1 network, which requires the greatest vigilance, with a public network except, in case of absolute necessity using the VPN, such as the one created by ARCHANGEL and which does not call for the intervention of any third party.
Engineering stations that contain software for configuring industrial equipment and for programming High-Tech machines or even source codes, are vulnerable points and must be totally isolated from both industrial installations and information systems. This isolation will be done by means of unidirectional firewall in the direction starting from the stations with a connection protected by SST. They are indeed an open door to the control of the system by hackers.
These engineering stations are part of class 1 in our company classification system.
FIRST FOR ALL CLASSES:
– Create a map of the industrial system by making inventory of the installations,
– Verify the class of the company and determine the protection required by its installations according to the class to which it belongs,
– Create a map of the connections and interconnections of the machines to be protected. This is optional for companies belonging to class 3.
– Establish a continuity plan and define preventive measures,
AFTER INSTALLING FIREWALLS:
– Manage the access of users which must be limited to their presence in the premises,
– Create strong passwords and protect them with SST,
– Hierarchize access to different accounts and programs,
– Do not allow any file sharing that would use third party technology such as GOOGLE, and other GAFAM,
– Process a daily backup of the data and keep it in a specially dedicated server for this purpose itself protected,
– Perform a regular safety audit of the installation,
These ad minima recommendation have to be strictly followed by companies belonging to classes 1 and 2.