Our background regarding cyber security
So far, the CATO system has most often been implemented without deep integration with the customer’s other system. Safety requirements are low (SIL0). Cybersecurity has mainly been a matter of ensuring the system’s operational availability, reliability and theft protection. A structure corresponding to it is used in a previous project.
The software system is built in Java, usually with Linux as the OS.
We have so far built according to the following guidelines.
Administration: Login over SSH – simple authentication
Server to server: SSH tunnels / https
The server side
We use Ubuntu Linux or RHEL. OS hardening according to the Center for Internet Security
Components containerized with Docker CE.
IDE: IntelliJ Idea
Language: Java / Scala
Version management: Git / Github
Building system: Gradle (groovy)
Build Server: Jenkins (pipelines)
Certificate management: manual
The list of requirements regarding cybersecurity is very detailed at the same time as they are to some extent open to alternative solutions. Many requirements relate more or less to specific solutions.
They include, for example:
• Aspects of logging when trying to access
• Access rights, e.g. for maintenance/troubleshooting
• Login, password
• Control of access to file systems
• Requirements for server functions, firewalls
Our need for consulting support primarily includes contributing to how we reasonably meet those requirements
The company also participates in the development of our guidelines for an appropriate adaptation of software and configuration with respect to these. Possibly support from various experts in the field of cybersecurity is needed because it covers many disciplines.
We feel that the consulting support is mainly about how to adapt the CATO system regarding:
• Credentials; TLS, distribution of certificates
• Use of external services: Active directory, company’s system Radius for authentication
• OS setup/hardening, AppArmor configuration
• Distribution of software
• Login, access rights