Industrial cybersecurity

As a trustworthy partner in the industrial market,
Lexsi offers a method, tools, resources and the expertise necessary to secure industrial systems aka “SCADA”

 

Top 10 vulnerabilities of industrial systems, as established by Lexsi (*) :

Lack of security patches and hardening of systems (OS/firmware)

Use of unsecured protocols

Lack of security supervision (IDS or Intrusion Detection Sensor and SIEM or Security Information Management System)

A Man/Machine interface that is always connected

Lack of cybersecurity monitoring

No active and updated antivirus on workstations and servers

Unsecured SIG/SII interconnection

Poor management of accounts and passwords

No tests or evaluations of the level of security

No secured development

 
(*) based on securty audits of more than 50 infrastructures
 
Your challenges 

Bringing awareness to control systems engineers and teams on industrial sites

Evaluating the risks and implementing responses tailored to the industrial environment

Making cybersecurity and industrial safety converge

Collecting information allowing a good evaluation of the evolution of risks as well as the necessary vigilance

Correlating the integration of ERP (Enterprise Resource Planning), the use of COSTS, the rationalization of IT investments with the criticality of industrial infrastructures.

Our assets to guide you 

A unique ability to offer perspective: monitoring new risks targeting Control Command/SCADA devices, synergy with our analysis and code auditing activities…

More than 5 years’ worth of feedback  (audit, privileged contact with solution providers and integrators, training, benchmarks)

An R&D department that has developed proprietary testing tools

 

 

 

 

Our Services

Our consultants are specially trained and offer you comprehensive responses so as to establish an objective assessment of the actual risks that can threaten the different components of the site. Our auditors define a pragmatic safeguarding plan based on best practices (ANSSI tools, CEI 62443 standard, specific sectorial standards for water/energy/transportation/etc.)

 

Consulting and expertise

Governance and blueprinting : industrial cybersecurity policy, identification of industrial cyber-risks 

Design of the industrial cybersecurity architecture : 

  • Development of a flow matrix 
  • Design of a partitioning system between the Industrial IS/enterprise IS
  • Design of an antiviral protection system as well as a remote access management system  
  • Penetration detection, processing of weak signals 
  • Protection of computer devices within the industrial IS 

Safeguarding of evolutions and updates :

  • Integration of the security issue into service level agreements   
  • Establishment of a cybersecurity acceptance process 
  • Control of the implementation of security measures (consulting engineers and technicians)
  • Management of remote access maintenance and assistance 

Business continuity plan

Assistance in managing and implementing a safeguarding plan 

Auditing and penetration tests

Security auditing of industrial site

Assessing the security level of a supplier or solution provider

Sealing auditing 

Component auditing

Penetration tests of the industrial chain

Penetration tests to raise awareness – Red Team

Threat Defense Center

Monitoring of SCADA (Supervisory Control And Data Acquisition) and Control System components and security publications

Forensic interventions

Targeted monitoring of activist groups and malicious activities

Training

Awareness campaigns

Demonstration of attacks on test platforms

Training for operational security in an industrial environment