CLEARSY, designer of secure programmed systems, offers a range of services and products in the field of computer security. This offer responds to specific cybersecurity issues encountered in Operational Technology (OT). It covers all sectors of activity addressed by CLEARSY (railway, nuclear, defense, automotive, medical, industry, etc.).
SERVICES AND PRODUCTS
CLEARSY provides services and products in response to cybersecurity needs for industrial systems. These services and products are in line with the regulatory framework defined by ISO 27001, IEC 62443, IEC 62645, ANSSI (LPM, EBIOS-RM), Common Criteria.
CLEARSY’s cybersecurity offer can be broken down into 5 points :
- Risk analysis and prescription of safety requirements. This activity is conducted on system architectures and software.
- Critical analysis of an existing system and detection of vulnerabilities. This activity is carried out on system architectures and software.
- Formal security modeling. Aiming at both policy and behavior, this modeling allows to constitute proof elements usable for a Common Criteria certification at level EAL6+ and EAL7.
- The realisation of protection for an industrial system. The realisation includes the development of tailor-made software, the development of programmed hardware protection barriers (secure gateways) and their integration into existing software and systems.
- The development of vulnerability testing device.
EXAMPLES OF CYBERSECURITY PROJECTS
Cyber protection of a fire safety supervision system installed at a Vital Operator
Customers : Société du Grand Paris, Alstom, Thales
These activities are part of a turnkey system developed by CLEARSY for the supervision of fire device in Paris and Grand Paris metro stations. The operator is identified as an Operator of Vital Importance (OIV).
The activities carried out are:
- Implementation of cyber protection features: connection encryption, use of VLANs, account by AD, monitoring and logging of operation and connection anomalies.
- Production of the cybersecurity demonstration file, covering the development process and the analysis of the technical devices implemented: mapping, risk analysis (EBIOS RM), traceability of contractual and normative requirements in accordance with the standards relating to the Military Planning Law (LPM).
Development of a safe and cyber-secure computer board
Customer : BPI France
Publication: Safe and Secure Architecture Using Diverse Formal Methods, Part of the Lecture Notes in Computer Science book series (LNCS,volume 13704), DOI: 10.1007/978-3-031-19762-8_24
The CASES project has been selected in the framework of the first call for projects “Development of critical innovative technologies” – launched by BPI France to co-finance R&D on innovative and critical technological bricks in cybersecurity.
The project aims to build a computer board, integrating a cybersecure gateway allowing both the control and the remote update of a safe computing node. The platform should eventually offer a security level of EAL5+ (Common Criteria standard) and is based on the use of a formally proven microkernel (Proven Core from PROVENRUN).
The safety level of the computer is SIL4 according to the EN50126, 128, and 129 standards.
Gateway Honeywell – Digisafe
Customer : Siemens
The project consists in the realisation of a communication gateway on a computer (Moxa) between two protocols in order to be able to safely collect remote data from a Honeywell device in the Budapest metro.
Implementation of a test bench to qualify the robustness of classified links with regard to a denial of service
Customer : EDF
The project consists of carrying out a controlled simulation of a denial of service on a PLC link, and measuring the behavior of the PLC and its program following this request. This work is part of a C3 qualification campaign for several industrial programmable controllers (Schneider, Siemens, Hima) for nuclear power plants (CNPE).
Formal modeling of the safety policy and behavior of electronic components
Customers : Atmel, Idemia, STMicroelectronics
The project consists in the realisation of the security policy formal models for the Common Criteria certification up to EAL6+ level, for microcircuit type components. It is completed by support for the presentation of the deliverables to the certification bodies (CESTI/ANSSI, TÜV).
Cyber-security of a critical input/output controller for a metro
Customer: Thales Thales
The project consists in the implementation of an SNMPv3 server (remote monitoring and diagnosis) including authentication (MD5) and encryption (AES256) in a distributed I/O management equipment.
Protection of a control system for metro platform doors for ST Engineering
Customer: ST Engineering
The project consists in securing a remote maintenance protocol for a platform management equipment, authentication of the application by login and password, authentication of the UDP link by HMAC-SHA1.