Feb 11, 2021, 11:25 AM
After People in the food industry in December and a focus on Corporate Social Responsibility (CSR) in January, the theme for this month of February is dedicated to Digital and Digital and their contribution to the food industries. A key subject and of the future, all the more so in the current context.
To discuss digital transformation and cybersecurity today , Eric Martin, Director of the École Nationale Supérieure d'Ingénieurs de Bretagne-Sud (ENSIBS) and Head of the SCAP-Industry of the future platform, has agreed to participate in our format "3 questions to" ...
What can be the new risks induced by digital and digital transformation today for an agri-food company?
The digital transformation of the food industry is a necessity for all kinds of reasons, industrial performance, agility, e-supply chain, traceability or even social and environmental responsibility. The strategic contract of the agri-food sector (November 2018) lists digital as a priority project to restore consumer confidence, to improve control of quality and traceability, to gain in competitiveness through automation and to restore attractiveness to consumers. jobs.
Without falling into simplicity, I would say that we have three factors to consider on cyber risk:
- - The threat is increasing and structured, it is global and organized. The ANSSI national agency for the security of information systems speaks of threats classified according to the capacity and exposure of the industrial information system. The threat comes as much from a cyber offender as it does from a malicious organization and from negligent personnel.
- - Vulnerability is a weakness in equipment, applications, procedures or organization. Often the company ignores or underestimates its vulnerabilities. Yet according to CERT-Kaspersky most of these vulnerabilities are Low-Tech , 17% come from authentication subject, 15% are unsuitable web services.
- Finally, the impact is the measure of the severity, consequence of an attack. It is very surprising to note that the IAA have business continuity plans relating to industrial risks and almost completely neglect the business continuity plans or business recovery plans relating to cyber risks. As in any industrial project, you have to weigh the issues, the advantages and the risks. We must also work to control risks.
In the current health context, many companies are going digital to optimize their business. What advice would you give them for effective support and protection from cyberthreats?
- for teleservices, use VPNs virtual private network that any IT department must install before bringing their PC home. Other recommendations can be found in the recent CLUSIF report  .
- - Finally the organizational plan, train and appoint the corresponding security officers within your company. The mission can be found in the guide for developing the PSSI  ANSSI's Information Systems Security Policy . These agents are close to the users, they facilitate the distribution of security information and ensure the feedback of security information.
More generally, in France, do you think our level is satisfactory with regard to cybersecurity?
My feeling is that it is not the technologies that we miss the most. It is a huge gap in cyber culture that is lacking in our organizations, our procedures, our leaders. Sometimes I relive in my discussions on industrial cybersecurity what I experienced at the start of my career when we started to promote quality engineers: We don't see what this is for, I don't have a budget for this subject. , these are still constraints that will disrupt our work.
Related tagsdigital transformation traceability supply chain agrifood cybersecurity