To protect IT, industrial and production systems, the French energy company EDF is conducting advanced research studies in cybersecurity to explore the full range of innovations in this area.
“We are preparing ourselves for the events that will inevitably occur!”, begins Youssef Laarouchi, R&D cybersecurity project manager at EDF and partner of the Seido Lab with Télécom Paris (IP Paris). To prepare for new threats against industrial power systems, Youssef Laarouchi and his team study the contribution of artificial intelligence to the detection of possible attacks.
The issue that they are most interested in is how people who design viruses and other malware manage to conceal them and make them increasingly difficult to detect. Not only does malware spread by remaining hidden, it also now possesses an advanced form of intelligence which allows it to evade detection by classic prevention systems such as intrusion detection systems, intrusion prevention systems, or firewalls.
To analyse the behaviour of this malware, the team uses a range of advanced technologies and works in collaboration with the academic research world. “To improve the detection rate, we use AI algorithms and couple weak attack signals to volumes of network traffic data, for example”, explains Youssef Laarouchi.
Data coupling was not studied much until now. “But today, we have mature AI and machine learning algorithms, and most importantly adequate computational power, because these analyses demand substantial computing time. This makes it possible to conduct interesting analyses with neural networks, supervised machine learning, etc.”
In addition to improving the detection of malware, the team is broadening its research field to study new attacks targeting the lower layers of physical systems. “These malwares directly attack the core of the processor by inserting a command to gain privileges. This type of attack is generally invisible to the system’s higher levels”, specifies Youssef Laarouchi.
Ensuring confidentiality of personal data is yet another research subject. Data must be secure when they are transferred from one place to another or when they are stored on a server. It is possible to encrypt data, but they must be readable when required. “So, the question is: how can we use data without seeing and accessing them? This new field of cryptography is a key issue for an industrial company such as EDF. It makes it possible, for example, to offer services to clients that guarantee the protection of these data, which must remain private.”
The team also leads studies on quantum cryptography. Future quantum accelerators will soon be able to “break” the encryption keys currently in use. “We are preparing for this issue by developing and testing new encryption algorithms, and by studying certain quantum properties which we could use in post-quantum cryptography.”
This is a characteristic of research in industry: it consists of applied research on real data, somewhere between fundamental research and market solutions. The aim is to provide businesses with the tools they need and help to implement them.
To stay up to date with fundamental research, EDF participates in the Chaire Cyber CNI (cybersecurity of critical infrastructures) of the Institut Mines-Télécom, in partnership with Télécom Paris, Télécom SudParis, the Pôle d’excellence cyber de la région Bretagne, as well as manufacturers including Nokia Bell Labs and Airbus. “We have common goals, we might as well try to achieve them by working together!”, concludes Youssef Laarouchi.
Chaire Cyber CNI, research to support critical infrastructures
Critical infrastructures include Operators of Vital Importance (OVI) and Operators of Essential Services (OES), which account for over 200 government entities and private companies. Their activities, facilities and infrastructures are deemed critical to the running of the nation state, including transportation, energy, banking, food, health, etc. Their information systems receive particular attention from the Agence nationale de la sécurité des systèmes d’information (ANSSI, National Agency for the Security of Information Systems), which assists them in securing their sensitive systems.
They also benefit from research studies conducted at different institutions, such as the Chaire CNI, dedicated to the cybersecurity of critical infrastructures such as energy grids, water treatment plants, industrial processes or financial systems.
Created in 2016, this research chair of the Institut Mines-Télécom is supported by IMT Atlantique. It conducts research work in partnership with Télécom Paris and Télécom SudParis. The work initially focused on the behavioural study of malware and the diagnosis of the causes of incidents. During its second phase, launched in 2019, the Chaire CNI expanded its area of expertise to new research topics, including the use of artificial intelligence (AI) in cybersecurity, blockchain technology and the industrial applications of connected objects (Internet of Things).