Téléphone France: 08 20 20 08 39

Protection of State Critical Infrastructures - Cyberscurity

EVITECH has won the protection of several “OIV” (organizations considered as critical by the French government for state resilience, e. g. energy, water, health, etc). Our solutions are cyber-protected.

Depot gazEVITECH has won recently several OIV protection, among which important gas storage facilities and a new nuclear site.

Eric Paul, technical director of EVITECH, provides an update about issues and trends on this major market: “An important trend has raised: all the elements of the security chain are now considered as exposed, or potentially exposed, to the cyber risk(1).

Indeed,” he says, “whether it be a flash drive or a mouse laid on the ground in a parking lot(2), an alteration of the equipment by a subcontractor or a foreign power(3), or obviously a human risk, or an insufficiently secured data link, all the equipment and software of the safety chain are exposed to risks of cyber-security.”
“Our solutions rely on open-source software, which source code is public and shared, this being already a pledge of security, because all members of large communities, in particular cyber experts and researchers have access to and systematically report the risks they discover in these.

When a weakness exists, it is published, known and repaired, reducing the risk of a nasty surprise (0-day exploit(4)). Such flaws could remain hidden in private company software(5), that has a reduced number of programmers and experts by essence.
However, it’s insufficient, as we notice with the recent discovery of a critical flaw on the Wi-Fi protocol(6): we are ready since a few years with cyber-security strategies, consistent with ANSSI(7)’s requirements, and with the design of a hardened and lightened operating system, that allows to reduce the exposure of our software to the various known attacks. We don’t consider anymore the electronic equipment of physical security(8)  of corporate networks as being protected by walls and locks that surround them. »

And of course, EVITECH being accredited for defence, its structure and its employees are audited, developments of our software are completely held in France, by French engineers, without any offshore relationship, and the deployed equipment, even if they combine globalized components, are carefully audited (mainly integrated in Rennes, Brittany).

(1) Cyber risk: alteration risk or degradation of running, virus, or spying of a system by electronic way.

(2) http://www.slate.fr/story/30471/stuxnet-virus-programme-nucleaire-iranien

(3) https://thehackernews.com/2018/10/china-spying-server-chips.html

(4) Zero-day: flaw found in a software, provide with a hack exploiting it at the first day of publication.

(5) For example, Microsoft, Oracle …

(6) https://www.zdnet.fr/actualites/faille-majeure-dans-wpa2-wi-fi-que-faire-qui-est-concerne-maj-39858724.htm

(7) ANSSI: French cyber security agency :  https://www.ssi.gouv.fr/

(8) Video analysis, but also supervision, recorders, routers and switches, cameras, access control elements, local or remote alarm monitoring station, …