Recent reports on the theft of sensitive data from global companies have brought industrial espionage to the forefront of the discussion. The subject is increasingly part of the real world of critical infrastructure: in an extremely competitive and globalized market, ethical competition is often set aside, fuelling an incessant pursuit of competitors' secret information.
Do not let confidential data from your automation plants be stolen. Get to know our data security solutions.
With the entry into force of the LGPD (Lei Geral de Proteção de Dados, Brazil's General Data Protection Law, the counterpart of the European GDPR), Brazilian companies of all sizes will have to invest in data security and implement compliance systems to detect and prevent violations of personal data, avoiding penalties and fines that can reach 50 million reais per infraction.
The introduction of the LGPD / GDPR has a business impact, since it forces utilities to re-evaluate their data collection and security policies and to upgrade existing systems in order to minimize possible leakage of individuals' sensitive information.
Figure: Data privacy for utilities
How can TI Safe help?
TI Safe offers utility companies a set of solutions for implementing the LGPD / GDPR requirements in their IT and automation infrastructure. This set of services and technology solutions, called LGPD / GDPR for utilities, is based on the ICS.SecurityFramework® methodology and is divided into the following implementation steps:
1) Risk analysis of the IT and TA (automation technology) networks
a. Understanding the risks on the networks where data travels and is hosted
b. Analysis of the IT and TA networks
2) Security planning and data protection
a. Description of the cyber security policies and controls needed to protect private data
b. Review of access control over sensitive data in the IT and TA networks, including verification of the current authentication mechanisms and proposed improvements
c. Indication of the security solutions that need to be purchased to protect sensitive data
3) Deployment of security solutions
a. Implementation, customization, integration and training in technological solutions to protect confidential data, such as:
* Security policies and procedures
* Sensitive data flow control
* Strong authentication mechanisms
* Anonymization or pseudonymization of private data using encryption (note that encrypted data whose key is retained counts as pseudonymized, not anonymized, under the GDPR's definitions)
4) Continued compliance management via ICS-SOC®
a. Management of the security processes and solutions related to the LGPD / GDPR
b. Maintenance of up-to-date evidence
c. Generation of reports for external audits
d. Generation of evidence for the government in case of an audit or of a data leak from the IT and/or TA networks
e. Response to private data leakage incidents
f. Specialized legal support
Count on us to assist in the implementation of LGPD / GDPR in your company.
Most cyber attacks and malware infections in industrial systems make use of remote access. Secure remote access therefore requires the following steps:
Step 1: Identify the user, the computer and the network: use two-factor authentication with tokens (PKI, OTP, Bluetooth, SMS messages, among others; SMS is the weakest of these, as it is exposed to SIM-swap and interception attacks). Network authentication must take place through a site-to-site VPN with IPsec, and strong encryption must always be used.
Step 2: The VPN gateway validates the credentials and grants access only to a segregated network: from there, the user can open a remote terminal session, which gives access only to the systems in the automation network that are authorized for that user.
Step 3: The terminal environment must be protected against malware, enforce user-specific access permissions, and be monitored constantly (logging and session recording).
Figure: Steps for secure remote access to industrial systems
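As an added illustration, written for this page and not TI Safe's or the SafeNet product's code, the three steps above condensed into a small Python gateway: step 1 checks a password and an RFC 6238 time-based OTP (the "something you have" factor) with a one-step clock-drift window and replay protection; step 2 grants a session only to the automation hosts the authenticated user is authorized for; step 3 records every decision, granted or denied, in an audit log. The account, the host names and the OTP secret (the RFC 4226/6238 test-vector secret) are constructed sample data, and the IPsec tunnel that carries the connection is assumed to already terminate at this gateway.

```python
"""Added example: the three remote-access steps as a minimal Python gateway.
Not TI Safe's or SafeNet SAM's code; accounts, hosts and secrets are constructed."""
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass

TOTP_STEP = 30          # seconds per counter value (RFC 6238 default)
TOTP_DIGITS = 6
TOTP_WINDOW = 1         # accept one step either side to absorb token clock drift
PBKDF2_ROUNDS = 100_000
DUMMY_SALT = secrets.token_bytes(16)  # unknown users cost the same time as real ones


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp_counter(at: float) -> int:
    """RFC 6238 maps wall-clock seconds to an HOTP counter."""
    return int(at // TOTP_STEP)


def password_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    name: str
    pw_salt: bytes
    pw_hash: bytes
    otp_secret: bytes           # seed provisioned on the user's physical or virtual token
    allowed_hosts: frozenset    # automation-network systems this user may reach (step 2)
    last_otp_counter: int = -1  # replay protection: each OTP counter is accepted at most once


def make_account(name, password, otp_secret, allowed_hosts) -> Account:
    salt = secrets.token_bytes(16)
    return Account(name, salt, password_hash(password, salt), otp_secret, frozenset(allowed_hosts))


class Gateway:
    """Stands in for the VPN gateway in front of the segregated terminal network."""

    def __init__(self, accounts):
        self.accounts = {a.name: a for a in accounts}
        self.audit = []         # step 3: every decision is logged, granted or denied

    def _log(self, **event):
        self.audit.append(event)

    def verify_otp(self, acct: Account, code: str, now: float) -> bool:
        base = totp_counter(now)
        for c in range(base - TOTP_WINDOW, base + TOTP_WINDOW + 1):
            if c <= acct.last_otp_counter:   # already used, or older than a used one
                continue
            if hmac.compare_digest(hotp(acct.otp_secret, c).encode(), code.encode()):
                acct.last_otp_counter = c
                return True
        return False

    def open_session(self, user: str, password: str, otp: str, target: str, now: float):
        """Returns a session record, or None with the reason written to the audit log."""
        acct = self.accounts.get(user)
        # Step 1: identify the user with two factors, something known and something held.
        salt, stored = (acct.pw_salt, acct.pw_hash) if acct else (DUMMY_SALT, b"\x00" * 32)
        if not hmac.compare_digest(password_hash(password, salt), stored) or acct is None:
            self._log(user=user, target=target, result="denied", reason="bad user or password")
            return None
        if not self.verify_otp(acct, otp, now):
            self._log(user=user, target=target, result="denied", reason="bad or replayed OTP")
            return None
        # Step 2: credentials hold; grant only the systems this user is authorized for.
        if target not in acct.allowed_hosts:
            self._log(user=user, target=target, result="denied", reason="host not authorized")
            return None
        self._log(user=user, target=target, result="granted")
        return {"user": user, "target": target, "opened_at": now}


if __name__ == "__main__":
    gw = Gateway([make_account("alice", "correct horse", b"12345678901234567890", ["plc-01"])])
    # Constructed timeline; the codes are the RFC 4226 test vectors for counters 1 and 2.
    print(gw.open_session("alice", "correct horse", "287082", "plc-01", now=59.0))
    print(gw.open_session("alice", "correct horse", "287082", "plc-01", now=61.0))   # replay
    print(gw.open_session("alice", "correct horse", "359152", "hist-02", now=61.0))  # not authorized
    for event in gw.audit:
        print(event)
```

The replay check burns every counter up to the one just accepted, so a code captured from the wire cannot be reused even inside the drift window, and the password check runs against a dummy hash for unknown users so that user enumeration by response time is not possible.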
To implement multi-factor authentication and to manage and monitor the remote access environment, TI Safe uses the Safenet Authentication Manager (SAM) solution together with physical tokens or virtual tokens (Mobile Pass).
Figure: Strong authentication solution based on Safenet Authentication Manager (SAM) and Mobile Pass virtual tokens
Digital certification transfers the credibility that exists in the real world to the virtual environment. Trust and integrity are obtained through mathematical relationships within the so-called Public Key Infrastructure (PKI). In Brazil, electronic documents signed with a valid ICP-Brasil digital certificate have legal value and are accepted in the same way as paper documents signed by hand and registered at a notary's office.
The security of systems based on digital certificates is directly tied to how securely their private keys are stored. These keys must be kept in Hardware Security Modules (HSMs), which prevent the keys from being extracted or tampered with and also accelerate encryption, digital signature and verification operations. Note that an HSM protects the key material itself: any application authorized to call the HSM can still produce signatures, so access to the signing service must be controlled and logged as well.
TI Safe has extensive experience in deploying Public Key Infrastructures that enable the use of digital certificates for signing and encrypting confidential documents, ensuring their integrity and confidentiality and thereby helping to prevent industrial espionage.
Figure: HSM Safenet Luna, network model (left) and PCI (right) - Used for encryption and large-scale digital signature
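An added example (not TI Safe code) of the PKI relationships described above, using the Python `cryptography` package, which is assumed to be installed: a root CA issues a signing certificate, the signing key is held inside a SigningDevice object that stands in for the HSM (it hands out signatures and the public key, never the private key), and a verifier accepts a document signature only after checking that the signer's certificate was validly issued by the trusted CA and is still within its validity period. The CA and signer names and the sample document are constructed.

```python
"""Added example: a two-level PKI for document signing with the `cryptography` package.
Not TI Safe code. SigningDevice plays the role of the HSM: private keys never leave it."""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

SIG_ALG = ec.ECDSA(hashes.SHA256())


def utc_now():
    return datetime.datetime.now(datetime.timezone.utc)


def name_of(common_name: str) -> x509.Name:
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


class SigningDevice:
    """Holds a private key and exposes only sign() and the public key, as an HSM would."""

    def __init__(self):
        self._key = ec.generate_private_key(ec.SECP256R1())

    def public_key(self):
        return self._key.public_key()

    def sign(self, data: bytes) -> bytes:
        return self._key.sign(data, SIG_ALG)

    def sign_certificate(self, builder: x509.CertificateBuilder) -> x509.Certificate:
        return builder.sign(self._key, hashes.SHA256())


def make_ca(common_name="Example Root CA"):
    """Self-signed root: its key only ever signs certificates (path_length=0)."""
    dev, now = SigningDevice(), utc_now()
    builder = (x509.CertificateBuilder()
               .subject_name(name_of(common_name)).issuer_name(name_of(common_name))
               .public_key(dev.public_key()).serial_number(x509.random_serial_number())
               .not_valid_before(now - datetime.timedelta(minutes=5))
               .not_valid_after(now + datetime.timedelta(days=3650))
               .add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True))
    return dev, dev.sign_certificate(builder)


def issue_signer(ca_dev, ca_cert, common_name, days=365):
    """The CA certifies a new signing key; the new key stays in its own device."""
    dev, now = SigningDevice(), utc_now()
    builder = (x509.CertificateBuilder()
               .subject_name(name_of(common_name)).issuer_name(ca_cert.subject)
               .public_key(dev.public_key()).serial_number(x509.random_serial_number())
               .not_valid_before(now - datetime.timedelta(minutes=5))
               .not_valid_after(now + datetime.timedelta(days=days))
               .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
               .add_extension(x509.KeyUsage(  # signing only: no key-encipherment, no cert signing
                   digital_signature=True, content_commitment=True, key_encipherment=False,
                   data_encipherment=False, key_agreement=False, key_cert_sign=False,
                   crl_sign=False, encipher_only=False, decipher_only=False), critical=True))
    return dev, ca_dev.sign_certificate(builder)


def validity(cert):
    """Validity period as aware UTC datetimes across cryptography versions."""
    nb = getattr(cert, "not_valid_before_utc", None)
    if nb is not None:
        return nb, cert.not_valid_after_utc
    utc = datetime.timezone.utc  # older releases expose naive UTC datetimes
    return cert.not_valid_before.replace(tzinfo=utc), cert.not_valid_after.replace(tzinfo=utc)


def verify_document(ca_cert, signer_cert, document: bytes, signature: bytes, at=None) -> bool:
    """True only if the chain CA -> signer holds and the signature covers the document."""
    at = at or utc_now()
    try:
        if signer_cert.issuer != ca_cert.subject:       # 1. claimed issuer is our trust anchor
            return False
        ca_cert.public_key().verify(signer_cert.signature, signer_cert.tbs_certificate_bytes,
                                    ec.ECDSA(signer_cert.signature_hash_algorithm))
        not_before, not_after = validity(signer_cert)   # 2. certificate is currently valid
        if not (not_before <= at <= not_after):
            return False
        signer_cert.public_key().verify(signature, document, SIG_ALG)  # 3. document signature
        return True
    except InvalidSignature:
        return False


if __name__ == "__main__":
    ca_dev, ca_cert = make_ca()
    dev, cert = issue_signer(ca_dev, ca_cert, "Plant Engineer")
    doc = b"Setpoint change order 1: furnace F-101 to 850 C"   # constructed sample document
    sig = dev.sign(doc)
    print("genuine:", verify_document(ca_cert, cert, doc, sig))
    print("tampered:", verify_document(ca_cert, cert, doc.replace(b"850", b"950"), sig))
```

The verifier never needs the CA's or the signer's private key: it holds the CA certificate as its trust anchor and receives the signer certificate with the document, which is exactly why the private keys can stay locked inside the HSM.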