The Cybersecurity of Critical Infrastructures Chair welcomes new partner Société Générale

The Institut Mines-Télécom Cybersecurity Chair, launched last year on January 25 as part of the dynamic created by the Center of Cyber Excellence, is aimed at contributing to the international development of research activities and training opportunities in an area that has become a national priority: the cybersecurity of critical infrastructures (energy networks, industrial processes, water production plants, financial systems, etc.). The projects are in full flow, with the addition of a new partner company, Société Générale, and the launch of 3 new research topics.

Société Générale Group, an 8^th partner joins the Chair

Nicolas Bourot, Chief Information Security Officer (CISO) and Operation Risk Manager (ORM) for the Group’s infrastructures explains, “We are all affected, a lot is at stake. In joining this Chair, Société Générale Group seeks to ensure it will have the necessary means to support the digital transformation.” In the words of Paul-André Pincemin, General Coordinator of the Center of Cyber Excellence, “This Chair is truly a task force, bringing together partners from both the academic and industrial sectors.”

The Chair is led by Télécom Bretagne, in collaboration with Télécom ParisTech and Télécom SudParis, the Region of Brittany, as part of the Center of Cyber Excellence, and 8 companies: Airbus Defence and Space, Amossys, BNP Paribas, EDF, La Poste, Nokia, Orange and now Société Générale Group.

Launch of 3 research topics

Simultaneously with the arrival of the new partner, three research topics have been launched. The objective of the first one is to develop an analytic capacity for system malfunctions, with the aim of identifying whether they are accidental or the result of malicious intent. This analytic capacity is crucial to assist operators in providing an adapted response, particularly when the malfunction is the result of a simultaneous or coordinated attack. The digitization of industrial control systems, and the systems’ ever increasing connection with cyberspace, does indeed create new vulnerabilities, as evidenced over the past few years by several incidents, with some even capable of destroying the production tool.

The second axis is about developing methods and decision-making tools for securing vitally important systems. The great heterogeneity of components, constraints that are technical (time constraints, communication rates, etc.), topological (physical access to the power plants, geographic distribution within the networks, etc.) and organizational in nature (existence of multiple players, regulations, etc.) represent obstacles that prevent traditional security approaches from being directly applied. The objective of this research is to provide vitally important operators with a methodology and associated tools that simplify the decision-making process during both the phases of security policy definition and the response to incidents.

Finally, the chair will also start the co-simulation of cyber-attacks to network control systems. This third subject involves improving the resilience of critical infrastructures, i.e. their capacity to continue working, potentially in downgraded mode, when affected by cyber-attacks. The research is specifically focused on network control systems that enable a connection between the different components of a traditional control system, such as the controllers, sensors and the actuators. The objective is therefore to advance developments in this area by offering innovation solutions that reconcile requirements for safety, operational security, and continuity of service.

[divider style=”solid” top=”5″ bottom=”5″]

In the coming months…

Chair partners will contribute to major upcoming gatherings:

– CRiSIS, the 11^th edition of the Conference on risks and the security of information systems, taking place next September 5-9 in Roscoff

– RAID, the 19^th edition of the Conference on research on attacks, intrusions and defense, taking place September 19-21 in Evry (Télécom SudParis):

– Cybersecurity event, Les Assises de la cybersécurité, taking place October 5-8 in Monaco

– European Cyber Week, November 21-25 in Rennes

[divider style=”solid” top=”5″ bottom=”5″]