Cybersecurity: a key priority for GRTgaz

Interview about cybersecurity and digital security actions implemented by GRTgaz.
European Cybersecurity Month - photo: Getty images / Busakorn Pongparnit

To mark European Cybersecurity Month, GRTgaz Information Systems Director (DSI) Hervé Constant and Head of Information Systems Security (RSSI) David Lecarpentier discuss measures taken by the company to combat cyber threats.

"In 2019, a portion of our systems was subject to stricter regulations. This made us step things up a notch in terms of cybersecurity and increased our focus on these various systems."

David Lecarpentier

Head of Information Systems Security (RSSI)

Why and since when has cybersecurity become such a central concern for GRTgaz?  

Hervé Constant (HC) : 
Cybersecurity has always been a central topic at GRTgaz, and increasingly so since 2010. We are used to our traditional management systems (automation, financial or professional information systems) coming under numerous attacks, and those targeting our operational system are likewise on the increase. So we had to also had to strengthen our defences in this area.

David Lecarpentier (DL) :
In 2019, a portion of our systems was subject to stricter regulations. This made us step things up a notch in terms of cybersecurity and increased our focus on these various systems. The new regulations give us reason to believe that things aren’t going to relax. The challenges will probably get more and more demanding. So it’s crucial that GRTgaz is able to adapt.

How many IT attacks have you identified in the past 12 months?

DL :
It’s important to distinguish between successful and unsuccessful attacks. We are fortunate not to have suffered any successful incidents or attacks, even though we have observed an increase in targeted threats. Something else to consider is the 400% increase in attacks against supplier companies. Around 15 of these were subject to severe assaults, which meant we had to standardise our response. It’s worth noting that we are affected even in the case of suppliers with which we have no digital connection. When a manufacturer shuts down, for example, not only can we not receive deliveries but we also halt all communications until their security level returns to an acceptable level. So we are also vigilant about the digital hygiene of our subcontractors, suppliers and customers.

"In 2021, it is inconceivable for infrastructure managers to do their job without IT. Becoming alive to the risk produced by industrial and digital convergence led us to do a lot of work in the area of cybersecurity. In 2019, we decided to hold a bi-monthly Executive Committee dedicated to the topic."

Hervé Constant

GRTgaz Information Systems Director (DSI)

What digital security challenges do gas infrastructure managers face?

HC :
In 2021, it is inconceivable for infrastructure managers to do their job without IT. Becoming alive to the risk produced by industrial and digital convergence led us to do a lot of work in the area of cybersecurity. In 2019, we decided to hold a bi-monthly Executive Committee dedicated to the topic.

DL : 
Transporting gas and developing renewable gases (including hydrogen) are two issues at the heart of French and European energy challenges. The energy transition shook up the positioning of key players in the energy market. GRTgaz’s challenge is to ensure resilience: to be able to fulfil its missions whatever situations and external tensions it finds itself confronted with.

What solutions have you implemented to prevent the risk of cyber attacks?

Hervé Constant & David Lecarpentier:

There are three main topics:

  1. A technological aspect (firewalls, use of AI, etc.)
  2. A human aspect, as technology does not protect us at all. Our daily efforts involve continuing to improve the company’s maturity so that our employees are the first line of defence against cyber attacks.
  3. Preparing ourselves in the event that it does happen, because there’s no such thing as zero risk. We train to neutralise the impacts or in any event to keep them as low as possible. 
    The goal for the coming year is to get the whole of the managerial chain on board. We want cybersecurity to be part of GRTgaz’s security landscape, in the same way as the safety of installations or financial security.

Remember that GRTgaz and Orange Business Service are working together to develop an autonomous solution aimed at protecting industrial services: see the press release.

This October sees the GRTgaz 30-DAY CYBERCHALLENGE!

Throughout the month, employees can access exclusive interactive content about digital security, with a range of cyber-challenges to tackle. This campaign is aimed at raising awareness and making everyone more responsible. It reflects GRTgaz’s desire to target cyber resilience.

Contents used