Laurent Hausermann, SENTRYO: CISOs and Security Managers must work together with industry
October 2018 by Marc Jacob
At the Assises de la Sécurité conference, Sentryo will bolster its positioning as an industrial cybersecurity pioneer in France and abroad, after receiving the Cool Vendor in Industrial IoT and OT Security label from Gartner in April 2018. Given the threats facing industrial systems, Laurent Hausermann, CEO of SENTRYO, believes that CISOs and Security Managers must work together with industry.
Global Security Mag: What will you be presenting at the Assises de la Sécurité?
Laurent Hausermann: At the Assises de la Sécurité conference, we will bolster our positioning as an industrial cybersecurity pioneer in France and abroad, after receiving the Cool Vendor in Industrial IoT and OT Security label from Gartner in April 2018. Since the year began, strategic alliances have been signed with partners that specialize in the world of industrial networks, like Siemens. These partnerships prove that our products are recognized as useful, but most importantly they serve to indicate the value provided both to IT clients and producers. The Assises de la Sécurité will also enable us to present the latest improvements and optimizations to our ICS CyberVision cybersecurity solution, directly inspired by feedback from clients who use the platform: More helpful mapping and detection functions, increased collaboration with business units, and a simpler interface. Finally, visitors will be able to check out a new model of an industrial production line at our booth. This demonstration simulates an attack on an industrial system in a way that is educational, visual, and fun!
GS Mag: What will be the topic of your talk this year?
Laurent Hausermann: The title of our talk will be: “OT/IT Collaboration for heightened industrial cybersecurity”
CISOs and Security Managers must collaborate with industry, and in particular with the industrial control and automation systems teams. Sentryo will cite its own past experiences to relay the key factors that can make this collaboration a success. Working with the business unit requires an organizational approach supported by advanced technological tools. Sentryo will show how Artificial Intelligence and Data Visualization can get people from the industrial control team involved in setting up cybersecurity processes for industrial control networks. Attendees will learn how Sentryo, named a Gartner Cool Vendor in Industrial IoT and OT Security, offers an innovative approach dedicated to the challenges of the industrial Internet and industrial network security.
Come see on Thursday, October 11 in room Poulenc 1.
GS Mag: What are the main threats you’ve identified in 2018?
Laurent Hausermann: Attacks on industrial operations can take multiple forms:
Destroying production capacity
The attacker may be seeking to invisibly sabotage a process in order to destroy production capacity, or even the entire system. In Iran in 2009, the American and Israeli intelligence services disrupted the centrifuges that were being used to enrich nuclear fuel by raising its uranium content from 4% to 97%. The effect was to imperceptibly accelerate or slow down these machines, causing them to age prematurely. According to the International Atomic Energy Agency, this attack led to the replacement of about a thousand centrifuges, which set back the Iranian nuclear program by two years. This happened before the international talks. Interrupting production The WannaCry virus, which encrypted the data contained in computers and demanded a ransom to unlock them, forced Renault to interrupt its production for fifteen days at its plants in Douai and England. Saint-Gobain, which was hit by the same attack, estimated its losses to be €250 million, while the Danish shipping company Maersk put theirs at $200 million, and the American pharmaceutical laboratory Merck estimated more than $400 million in losses.
Destabilizing a country
Interrupting production may also have non-financial objectives. Right before Christmas 2015, 225,000 homes in Eastern Ukraine lost power for seven hours. It is hard to say with certainty who was behind the attack, but given the circumstances, it was probably a destabilization operation led by the Russian government. The thrust of the attack was to ensure that Ukrainian utilities could not restore power.
GS Mag: What about business needs?
Laurent Hausermann: There are two major ways to protect against cyberattacks: Either build walls and doors to prevent intrusions; or to adopt tools to detect attacks and raise alerts. Sentryo has opted for the second approach. Our ICS CyberVision platform includes a network of sensors and a central data visualization and analysis platform, which may be positioned either within the industrial facility or elsewhere, such as when monitoring a power grid, pipeline, or wind farm.
When we install our solution, we also discover interesting things: Systems that are meant to be unplugged really aren’t, a subcontractor the company no longer has any contract with is still connected to the plant, etc. Our involvement begins with a simple health check that consists of closing the doors that were left open inadvertently.
Next, beginning the monitoring itself, in order to detect anomalies. In principle, a machine is programmed to perform the same task each day (read this variable, check that list, etc.). Each discrepancy from the program must receive attention, as should every message attempting to edit the program. This monitoring is done entirely non-intrusively, rather like a camera placed in a room to detect motion. The challenge is being able to deploy our technology without needing to modify the system, which is a potential plus to our solution compared to the competition. Another benefit lies in the fact that the ICS CyberVision tool is accessible even to non-specialists. Our efforts have particularly focused on the visualization of results: With just a little training, any industrial or automation operator can understand when an anomaly has been detected and what to do.
GS Mag: In what way is your strategy changing to address these challenges?
Laurent Hausermann: The main challenge for Sentryo is to locate skills and democratize cybersecurity so that the right people are at the right controls in such projects. In an industrial setting, this means focusing on the industry’s engineers and technicians so that they actively participate in monitoring and improving the security of their networks.
That’s because there’s no way to design industrial cybersecurity projects these days without the expertise of the people in that industry, which is why Sentryo offers a solution tailored to them:
● a user interface that can depict the millions of pieces of information that may go through an industrial network in one day,
● a system based on Artificial Intelligence in order to determine what is the first security event to analyze in detail,
● a tool that we have put all of Sentryo’s industrial cybersecurity expertise into, so that people who aren’t experts can still upgrade a network’s cybersecurity. A winner of BPIfrance Avenir’s Innovation contest, Sentryo is working on the KITEA project that’s attempting to develop a smart cybersecurity monitoring system. See the press release here.
GS Mag: What is your message for CISOs?
Laurent Hausermann: Once they’ve gone through the discovery phase, CISOs must now take action in order to increase and ensure the security of their industrial systems. Today, these decision-makers are considering how to deal with people who aren’t IT professionals. However, this represents a real chance for CISOs to enhance and transform the scope of their work, by going beyond security projects to add value to their co-workers who are responsible for the performance and maintenance of the production systems. Collaboration between the IT and OT professions remains one of the key factors to successfully implementing an industrial cybersecurity project.