Recent reports of sensitive data being stolen from global companies have brought industrial espionage to the forefront of the discussion. The subject is increasingly relevant to critical infrastructures: in an extremely competitive and globalized market, ethical competition is often overlooked, which drives an incessant pursuit of competitors' secret information.
Do not let confidential data from your automation plants be stolen. Get to know our solutions for data security.
Industrial environments must have their own domain and directory of users and computers. This measure significantly elevates the level of security by centralizing access control administration and security policy management.
TI Safe implements such domains with security controls specific to automation networks.
Figure: Active Directory-based domain configured in the automation network
Most cyber-attacks and infections make use of remote access to industrial systems. Secure remote access requires the following steps:
Step 1: Identify the user, computer and network: use two-factor authentication through tokens such as PKI, OTP, Bluetooth and SMS messages, among others. Network authentication must occur through a site-to-site VPN with IPsec, and strong encryption must always be used.
Step 2: The VPN gateway must validate the credentials and grant access to a segregated network: from this point, the user can open a remote terminal service, which gives them access to the systems in the automation network that they are authorized to use.
Step 3: The terminal environment should be protected against malware, have user-specific access permissions, and be constantly monitored (logging and session recording).
Figure: Steps for secure remote access to industrial systems
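The three steps above can be verified against logs. The following is an added example, not TI Safe's code: it audits VPN logins, network flows and terminal sessions for violations of each step. All addresses, user names, log records and the record layout are constructed assumptions.

```python
import ipaddress

# All addresses, user names and records below are constructed for this example.
TERMINAL_SERVERS = {ipaddress.ip_address("10.50.1.10")}  # remote terminal service host
AUTOMATION_NET = ipaddress.ip_network("10.100.0.0/16")   # automation network

VPN_LOGINS = [
    {"user": "alice", "factors": {"password", "otp"}, "ip": "10.50.0.21"},
    {"user": "bob",   "factors": {"password"},        "ip": "10.50.0.22"},
    {"user": "carol", "factors": {"password", "pki"}, "ip": "10.50.0.23"},
]
TERMINAL_SESSIONS = [
    {"user": "alice", "client_ip": "10.50.0.21", "recorded": True},
    {"user": "bob",   "client_ip": "10.50.0.22", "recorded": True},
    {"user": "carol", "client_ip": "10.50.0.23", "recorded": False},
]
FLOWS = [
    {"src": "10.50.1.10", "dst": "10.100.4.7"},  # terminal server -> automation
    {"src": "10.50.0.23", "dst": "10.100.4.7"},  # VPN client straight into automation
    {"src": "10.50.0.21", "dst": "10.50.1.10"},  # VPN client -> terminal server
]

def audit(logins, sessions, flows):
    """Return a sorted list of (step, subject, finding) tuples."""
    findings, strong = [], set()
    # Step 1: every VPN login must present at least two distinct factors.
    for login in logins:
        if len(login["factors"]) >= 2:
            strong.add((login["user"], login["ip"]))
        else:
            findings.append((1, login["user"], "VPN login with a single factor"))
    # Step 2: only the terminal server may talk to the automation network.
    for flow in flows:
        src = ipaddress.ip_address(flow["src"])
        if ipaddress.ip_address(flow["dst"]) in AUTOMATION_NET and src not in TERMINAL_SERVERS:
            findings.append((2, flow["src"], "reached automation network without terminal server"))
    # Step 3: sessions must trace back to a two-factor login and be recorded.
    for sess in sessions:
        if (sess["user"], sess["client_ip"]) not in strong:
            findings.append((3, sess["user"], "terminal session without two-factor VPN login"))
        if not sess["recorded"]:
            findings.append((3, sess["user"], "terminal session not recorded"))
    return sorted(findings)

if __name__ == "__main__":
    for step, subject, finding in audit(VPN_LOGINS, TERMINAL_SESSIONS, FLOWS):
        print(f"step {step}: {subject}: {finding}")
```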
To implement multi-factor authentication and to manage and monitor the remote access environment, TI Safe uses the SafeNet Authentication Manager (SAM) solution together with physical or virtual tokens (Mobile Pass).
Figure: Strong authentication solution based on SafeNet Authentication Manager (SAM) and Mobile Pass virtual tokens
Digital certification enables the transfer of credibility that exists in the real world to the virtual environment. Trust and integrity are obtained through mathematical relationships within the so-called Public Key Infrastructure (PKI). In Brazil, electronic documents signed with a valid ICP-Brasil digital certificate have legal value and are legally accepted in the same way as paper documents signed by pen and registered in a notary's office.
The security of systems based on digital certification depends directly on how securely their private keys are stored. These keys must be stored in encryption modules (Hardware Security Modules, HSMs), which guarantee their inviolability and also offer performance in encryption, digital signature and verification tasks.
TI Safe has extensive experience in deploying Public Key Infrastructures that enable the use of digital certificates for signing and encrypting confidential documents. These infrastructures are used to ensure the integrity and confidentiality of documents, avoiding industrial espionage.
Figure: SafeNet Luna HSM, network model (left) and PCI (right) - Used for encryption and large-scale digital signature