Part 4

In order to determine the type of protection that the installation to be protected requires, we must situate it in its environment and analyze the type of interconnections that exist or are envisaged for it.

Indeed, interconnections are an important source of vulnerabilities and, before interconnecting two networks, it is imperative to carefully consider the risks that may result.

There are several types of interconnections.

Let us consider for the purposes of this presentation that the installation to be protected is part of a network that we will call “Industrial Network”. It is quite obvious that this Industrial Network may include one or more installations that each require protection against cyber-attacks.

The installation can therefore be interconnected with another installation in the same network, with a public network such as the Internet or telephony, with an information and management system, or with another industrial network of a different class.

The fundamental rule to be observed in interconnections between different networks is PARTITIONING, regardless of the type of network to which the industrial network must be interconnected.

But this partitioning must be unidirectional in the case of an installation of class 1 from the industrial system to any other network, including another industrial network of the same company or institution, whether of lower class or of the same class.

This partitioning must also be unidirectional in the case of an installation of class 2 from the industrial system to a public network or to another industrial network of class 3.

The partitioning of the industrial network of Class 3 must not be unidirectional.
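
The unidirectional rules stated above for classes 1 and 2 can be checked against a list of planned interconnections. The following Python code is an added example, not part of the original article or of any PT SYDECO product; the `Link` model, the network labels and the sample plan are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Peer network kinds named in the article; the string labels are assumptions.
PUBLIC, MANAGEMENT, INDUSTRIAL = "public", "management", "industrial"

@dataclass(frozen=True)
class Link:
    """One planned interconnection of the industrial network (hypothetical model)."""
    name: str
    local_class: int                  # class of the installation to protect: 1, 2 or 3
    peer_kind: str                    # PUBLIC, MANAGEMENT or INDUSTRIAL
    flows: frozenset                  # subset of {"out", "in"}; "out" = industrial -> peer
    peer_class: Optional[int] = None  # class of the peer when it is industrial

def requires_one_way(link: Link) -> bool:
    """True when the rules above demand industrial -> peer traffic only."""
    if link.local_class == 1:
        return True                   # class 1: one-way towards any other network
    if link.local_class == 2:         # class 2: one-way towards public or class 3
        return link.peer_kind == PUBLIC or (
            link.peer_kind == INDUSTRIAL and link.peer_class == 3)
    return False                      # cases the article does not list are not flagged

def audit(links):
    """Return (name, reason) for every link that breaks the one-way rule."""
    findings = []
    for link in links:
        if requires_one_way(link) and "in" in link.flows:
            findings.append((link.name,
                f"class {link.local_class} link to {link.peer_kind} network "
                "accepts inbound traffic; it must be one-way outbound"))
    return findings

BOTH = frozenset({"out", "in"})
# Constructed inventory for illustration only.
PLAN = [
    Link("c1-to-management", 1, MANAGEMENT, frozenset({"out"})),
    Link("c1-to-internet", 1, PUBLIC, BOTH),
    Link("c1-to-c1", 1, INDUSTRIAL, BOTH, peer_class=1),
    Link("c2-to-c3", 2, INDUSTRIAL, BOTH, peer_class=3),
    Link("c2-to-management", 2, MANAGEMENT, BOTH),
    Link("c3-to-internet", 3, PUBLIC, BOTH),
]

if __name__ == "__main__":
    for name, reason in audit(PLAN):
        print(f"{name}: {reason}")
```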

The best way to partition a network is to protect it with a firewall, but not with just any firewall.

This firewall must in fact be able to withstand increasingly sophisticated attacks, even those carried out from a quantum computer, and must be able to protect the data collected by the installation if it has this effect, and above all it must be unidirectional when it comes to protecting an installation of class 1 or 2.

The system developed by PT SYDECO, ARCHANGEL OW©, meets all these requirements in that it allows unidirectional partitioning and is completely impermeable to attacks, even those led by a quantum computer, because its protection and that which it provides are not based on number theory.

For multi-directional protection, ARCHANGEL© will be chosen.

Within the same industrial network, each installation must be protected not by an anti-virus that is incompatible with programmable High-Tech devices, but by a highly qualified protection system such as SST©, Secure System of Transmission, another product of PT SYDECO.

We therefore highly recommend protecting the industrial network within the company or institution by means of the unidirectional firewall ARCHANGEL OW© or ARCHANGEL©, as the case may be, and, within the same network, protecting each connection between installations by means of SST©.

We also advise not connecting a class 1 network, which requires the greatest vigilance, with a public network except, in case of absolute necessity, by using a VPN such as the one created by ARCHANGEL, which does not call for the intervention of any third party.

