3 questions for ... Eric Martin: "The digital transformation of the food industry is a necessity"

News

Feb 11, 2021, 11:25 AM

Smart Factory

After People in the food industry in December and a focus on Corporate Social Responsibility (CSR) in January, the theme for this month of February is dedicated to Digital and Digital and their contribution to the food industries. A key subject and of the future, all the more so in the current context.

To discuss digital transformation and cybersecurity today , Eric Martin, Director of the École Nationale Supérieure d'Ingénieurs de Bretagne-Sud (ENSIBS) and Head of the SCAP-Industry of the future platform, has agreed to participate in our format "3 questions to" ...


What can be the new risks induced by digital and digital transformation today for an agri-food company?


The digital transformation of the food industry is a necessity for all kinds of reasons, industrial performance, agility, e-supply chain, traceability or even social and environmental responsibility. The strategic contract of the agri-food sector (November 2018) lists digital as a priority project to restore consumer confidence, to improve control of quality and traceability, to gain in competitiveness through automation and to restore attractiveness to consumers. jobs.


The digitization of data and mastery of information help to develop new knowledge of its industry. The risk is that we define as the result of vulnerability, threats and impacts for the industrialist when a malicious (or negligent) person exploits a vulnerability.



Without falling into simplicity, I would say that we have three factors to consider on cyber risk:

-           - The threat is increasing and structured, it is global and organized. The ANSSI national agency for the security of information systems speaks of threats classified according to the capacity and exposure of the industrial information system. The threat comes as much from a cyber offender as it does from a malicious organization and from negligent personnel.



-          - Vulnerability is a weakness in equipment, applications, procedures or organization. Often the company ignores or underestimates its vulnerabilities. Yet according to CERT-Kaspersky most of these vulnerabilities are Low-Tech , 17% come from authentication subject, 15% are unsuitable web services.

-
- Finally, the impact is the measure of the severity, consequence of an attack. It is very surprising to note that the IAA have business continuity plans relating to industrial risks and almost completely neglect the business continuity plans or business recovery plans relating to cyber risks. As in any industrial project, you have to weigh the issues, the advantages and the risks. We must also work to control risks.



In the current health context, many companies are going digital to optimize their business. What advice would you give them for effective support and protection from cyberthreats?

The concept of defense in depth is based on a three-pronged approach to cybersecurity: the technological aspect, the organizational aspect and the procedural aspect. The health crisis has caused a considerable number of employees to switch to telework; at the same time, the challenges of the health sector have caused a dazzling increase in cybercrime against hospitals, the supply chain and medical research laboratories. However, the first steps to adopt are simple:

 

-           - for procedures, I advise following the safety recommendations for teleworkers [1] presented by the site www.cybermalveillance.gouv.fr ;


-           - for teleservices, use VPNs virtual private network that any IT department must install before bringing their PC home. Other recommendations can be found in the recent CLUSIF report [2] .

-           - Finally the organizational plan, train and appoint the corresponding security officers within your company. The mission can be found in the guide for developing the PSSI [3] ANSSI's Information Systems Security Policy . These agents are close to the users, they facilitate the distribution of security information and ensure the feedback of security information.

 

More generally, in France, do you think our level is satisfactory with regard to cybersecurity?

France is structurally organizing itself on cybersecurity issues: at the legislative level (in particular the military programming law which defines the responsibilities and actions in terms of cybersecurity), on the support provided by the ANSSI, the national agency for security of information systems, on the rise of trusted service providers (the Cyber Campus which was created in La Défense, the PEC Cyber center of excellence in Brittany), and finally in terms of training so many experts in cyber defense or industrial engineers "certified industrial cybersecurity".


My feeling is that it is not the technologies that we miss the most. It is a huge gap in cyber culture that is lacking in our organizations, our procedures, our leaders. Sometimes I relive in my discussions on industrial cybersecurity what I experienced at the start of my career when we started to promote quality engineers: We don't see what this is for, I don't have a budget for this subject. , these are still constraints that will disrupt our work.



[1] https://www.cybermalveillance.gouv.fr/tous-nos-contenus/actualites/recommandations-securite-informatique-teletravail

[2] https://clusif.fr/publications/teletravail-cybersecurite-et-collaborateurs-les-nouveaux-equilibres/

[3] https://www.ssi.gouv.fr/uploads/IMG/pdf/pssi-section3-principes-2004-03-03.pdf


Related tags
digital transformation traceability supply chain agrifood cybersecurity

Similar news


Related to the article


A catalog rich in content

Make a search