After a cybersecurity remediation plan has been implemented, it is essential to keep a watchful eye on the entire industrial control system (ICS). Firstly, firmware and software should be regularly updated to the latest versions. Secondly, changes in the network, for example, installing new hardware or changing a device’s configuration, should be monitored because they may affect the vulnerability of the entire system. In addition, new threats may arise, requiring an appropriate response. ENGIE Laborelec therefore provides smart cybersecurity management services that help industries maintain a high level of cybersecurity.
Context and service scope
Managing the asset inventory and the related vulnerabilities
ENGIE Laborelec offers SLA services tailored to each customer’s needs. We use a broad range of highly reputable tools to monitor the critical infrastructure without disrupting operations and to keep the inventory up to date. Other tools allow us to deploy controlled updates of antivirus software, operating systems and applications, always in close consultation with system vendors and the local IT/OT department. In addition, dedicated tools map the local inventory against the latest vulnerabilities published on public feeds, allowing a targeted response.
Identifying and managing operational cybersecurity incidents
ENGIE Laborelec also offers comprehensive network intrusion detection services (NIDS), using automated tools that detect suspicious activities and generate alerts. The service is tailored to the customer’s needs so that attention stays on real threats and costs stay within a reasonable range. Examples of alerts include industrial protocol violations, new MAC addresses for an existing IP address, port scans, multiple unsuccessful login attempts, and modification of PLC registers. Depending on the SLA, we carry out onsite interventions for agreed incident types.
Threat intelligence reporting
ENGIE Laborelec also provides a threat intelligence reporting service to keep customers informed about relevant new cybersecurity threats. We produce human-readable reports for both technical teams and executives. The technical reports target information security and emergency response teams, providing detailed insights on the latest ICS vulnerabilities, a focus on the latest ICS cybersecurity news, technical analyses of vulnerabilities and issues, expert advice and hacktivist insights. The executive reports contain the major headlines on the latest ICS cybersecurity events, a short expert note, a summary of hacktivist activity, and various graphs on vulnerability trends.