ICS cybersecurity : a road tunnel case study
In 2014, the working group on Industrial Control System cybersecurity (GTCSI), led by the French Network and Information Security Agency (ANSSI), published two guides:
- Cybersecurity for Industrial Control Systems - Classification Method and Key Measures
- Cybersecurity for Industrial Control Systems - Detailed Measures
The objective of this case study is to illustrate these two guides with a complete and concrete example: a road tunnel.
The first part of this study provides details on the complete method of classification, as such showing how to take certain elements into account.
After a presentation of the scope and the context of the case study, the various threats are analysed by specifying the possible links between cybersecurity and dependability. From these threats then stem the likelihood of an attack and therefore the class of each function. Finally, the various possible groupings between classes are compared in order to define the final architecture.
The second part of the case study corresponds to the implementation of measures present in the two guides. The architecture retained
at the end of the first part is thus analysed macroscopically, with regard to the main measures of the first guide. A proposal for securing the tunnel is then made using the second guide, by starting with the organisational measures followed by the technical measures.