CUSTOMER CASE

The Paris Sanitation Authority (SIAAP) chooses PAM4OT to control the actions of its external providers and secure access to SCADA equipment

Abstract

Stéphane Corblin is responsible for the Network Architecture of the Paris Sanitation Authority (SIAAP) and his mission is to ensure the operation and security of the entity’s IT network.

Although the SIAAP is not classified as an Operator of Vital Importance (OVI) by the ANSSI, it strives to follow the rules issued by the French national cybersecurity agency. As some sites are classified as “high threshold SEVESO”, infrastructure security, and in particular the control of access to water treatment equipment, is a major issue for Corblin. The main risk identified is the discharge of untreated water into nature, which poses risks to the environment.

CONTEXT

> Numerous sites, some of which are classified as high threshold SEVESO”.

> Risks identified around water purification.

> The SIAAP “washes” the water used by nearly 9 million people in the Paris region.

> Covers a territory of 1800km2.

> Treats nearly 2.5 million m3 of wastewater every day in dry weather.

CHALLENGES

> Control access to external service providers.

> Secure access to SCADA supervision.

> Implement a quick and easy-to-deploy solution.

1

CHALLENGES

Controlling access to external service providers and securing access to SCADA monitoring.

To strengthen the security of its IT infrastructure, the SIAAP wanted to equip itself with a solution that would address two main issues: controlling access to external service providers and securing access to SCADA monitoring.Both managing the access of external service providers to the VPN and opening the rules teams were becoming a major workload for the IT teams. In addition, Stéphane Corblin wanted the functional managers of the applications to be aware of the operations performed by their service providers.It was also necessary to ensure access to SCADA monitoring for certain agents, especially during on-call service. Since the latter are connected via RDP to a station located between the IT and industrial firewalls, better visibility was essential. The SIAAP also had to replace the servers located in the exchange areas that did not necessarily meet the security standards to be applied.The Paris Sanitation Authority wanted to implement a solution that was quick to deploy, easy to administer and had French-speaking support available.

2

SOLUTION

Quick deployment

The PAM module of the PAM4OT solution, the WALLIX Bastion, was installed after a successful POC (Proof Of Concept). Integration into the SIAAP architecture and deployment of the solution took less than 2 weeks.It is organized as follows: 97 users and 55 declared groups, 69 devices, 4 applications with 3 clusters; 46 server groups, 45 authorization management, 4 used network interfaces, 16 user profiles, 4 time slots.

Thanks to its access control and administration traceability functionalities, the WALLIX Bastion has allowed us to considerably reinforce the security of our infrastructures and equipment.”

Stéphane Corblin,Head of Network and Security Architecture at SIAAP‍

3

ADVANTAGES

Operational efficiency guaranteed.

> Easier access management for external service providers: Thanks to its access control and password management functionalities, the installation of the WALLIX Bastion has made it possible to set up a real control policy for external service providers, from the management of passwords to the traceability and recording of operations carried out on the equipment.

> Good integration in the SIAAP network architecture: With its agentless installation, the WALLIX Bastion is easily and quickly installed even in heterogeneous environments.

> Traceability of connections: All external connections passing through the WALLIX Bastion, as well as the interventions of external service providers, are entirely traced and recorded in video format or in command lines.

> User satisfaction: Easy to install, with responsive and competent support in French, and greatly facilitating the work of internal teams in managing external suppliers, the WALLIX Bastion has been quickly adopted by users.

OPT FOR
A HOLLISTIC CYBER-PHYSICAL SECURITY

PAM4OT
Trace identity and access on industrial controls

GAIN
A COMPETITVE EDGE

WALLIX Inside
Embed Security by Design

You have questions,
we have answers.

Get in touch with us.