With cyber-threats more dangerous and impactful than ever, countries have been taking initiatives over the last few years to address the resilience of critical infrastructure and protect national sovereignty. Since 2013, the Military Planning Law (LPM) in France has required that OESs implement measures to ensure the security of information systems of vital importance (SIIV).
ANSSI and PDIS SOC qualifications
ANSSI assists these OESs in their compliance efforts and ensures the law enforcement. OESs are obligated to work with independent trusted service providers for the critical phases of their SIIV’ cybersecurity. To qualify these service providers, ANSSI has created demanding standards, including the PDIS standard for security incident detection.
The PDIS standard requires a sufficient level of human, technical, and organisational resources mobilised to detect security incidents and comply with the best SOC (Security Operations Centre) practices. The role of this SOC is to prevent, detect, and handle security incidents, focusing on remediation actions.
Sopra Steria is one of France's SOC leaders
Sopra Steria works with large clients from “vitally important” sectors, such as Aeronautics, Energy, Banking, Transportation, and Defence. Sopra Steria has therefore chosen to invest in providing services that are compliant with ANSSI standards and requirements. Sopra Steria has been involved with ANSSI for more than 3 years throughout the process of creating the PDIS standard, and implemented this standard in its SOC operations during the testing phase.
Sopra Steria's PDIS SOC is a security incident detection service that is 100% outsourced to its cybersecurity centre in Toulouse. It meets PDIS requirements in terms of SOC activities, service security, governance, and analyst skill. Sopra Steria uses GCAP probes from Gatewatcher, a cyber threat detection specialist that already works with several OESs.
« Our clients benefit directly from a trusted service based on an isolated IS hosted in Sopra Steria's datacenters, guaranteeing a high level of security. They maintain full visibility on this IS, even when compromised, » explained Jean-Philippe Cassard, PDIS qualification manager at Sopra Steria.
Sopra Steria brings all of its expertise to this service, defining and implementing a detection strategy that matches the client's organisational cyber risk profile and handling security incidents 24/7.