With ongoing digitalization, the energy sector is undergoing rapid transformation. Modern energy grids are becoming more complex, more interconnected, and therefore also more vulnerable to cyberattacks. At the same time, the requirements for reliable data management and the highest levels of data security are increasing.
As a leading provider of innovative solutions, we integrate IT and cybersecurity from the very beginning. Our products are specifically designed for use in critical infrastructures and meet the strictest security standards. In doing so, we support network operators in sustainably protecting their systems, increasing operational reliability, and successfully driving digital transformation forward.
Product Security Incident Response Team (PSIRT)
To ensure an appropriate response to any report of potential cybersecurity vulnerabilities, SAE has established corresponding processes and measures. One of these measures is the implementation of a Product Security Incident Response Team (PSIRT), which continuously handles vulnerability reports and is responsible for their proper addressing and tracking.
Contact
encrypted E-Mail: psirt.sae@lacroix.group
If you would like to inform us about a vulnerability, please provide the following information:
- Contact details of the reporter (name, company, email, phone, etc.)
- Description of the vulnerability
- Affected product, software/firmware version
- Assumption whether the vulnerability is already being exploited
- Indication of whether an exploit already exists
- Impact of the vulnerability
- Statement on whether the discoverer wishes to be credited
- Comments
- File (for upload) with additional information, e.g., if a tracking ID already exists
Prozess
Security reports
As soon as a report of a potential cybersecurity vulnerability is received by the LACROIX SAE PSIRT, an acknowledgment of receipt will be sent within 7 working days to the contact provided in the report.
Erste Assessment
The LACROIX SAE PSIRT analyzes the vulnerability described in the report, its severity, and its impact on SAE products. Depending on the complexity of the described vulnerability, follow-up questions may be addressed to the contact provided in the report.
No later than 14 working days after the acknowledgment of receipt, the LACROIX SAE PSIRT prepares a preliminary report on the vulnerability and shares it with the contact via a previously agreed secure communication channel..
Investigation
The LACROIX SAE PSIRT works closely with the relevant development departments and suppliers of third-party components to identify the root causes of the reported security vulnerabilities. The contact provided in the report will be informed about progress during this phase.
Remediation
The LACROIX SAE PSIRT works closely with the development departments to provide a final resolution for the vulnerability.
If the reported vulnerability poses a high risk to SAE customers and a final fix would take too long to implement, LACROIX SAE will publish temporary mitigation measures. The contact provided in the report will be informed about the planned remediation timeline.
Disclosure
The LACROIX SAE PSIRT publishes relevant information about the reported vulnerability as well as corresponding patches or mitigation measures in the security advisory section on the website.
Disclaimer
LACROIX SAE reserves the right to modify the process described here at any time or to deviate from it if necessary.
Vulnerability resports
Here you will find information on current security topics as well as the corresponding LACROIX SAE products – including our latest security alerts.