ICS/OT

ENISA Calls For New ICS/SCADA Cybersecurity Certification Programs

The European Union Agency for Network and Information Security (ENISA) has published a new study on the challenges of developing certification schemes for cybersecurity professionals in the field of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA).

<p><span><span><strong>The European Union Agency for Network and Information Security (ENISA) has published a new study on the challenges of developing certification schemes for cybersecurity professionals in the field of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA).</strong></span></span></p>

The European Union Agency for Network and Information Security (ENISA) has published a new study on the challenges of developing certification schemes for cybersecurity professionals in the field of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA).

ICS/SCADA systems are increasingly targeted by malicious actors. A perfect example is the BlackEnergy2 threat group that has targeted numerous organizations in the energy sector. The group has been spotted attempting to deliver malware in ICS environments by leveraging vulnerabilities in Siemens products.

ENISA has pointed out that securing ICS/SCADA systems requires knowledge of operational technology (OT), information technology (IT), and cyber security. What makes this task even more challenging is the fact that industrial systems are used in a wide range of sectors, such as energy, automation, oil and gas, chemical, manufacturing, and pharmaceutical. While all of these sectors use similar physical systems, there are significant differences in their processes and operational procedures.

Avoiding commercial interests that can impact credibility, obtaining support from stakeholders, ensuring that future certifications will be improved compared to existing ones, and exploring the professional roles of ICS/SCADA experts are also on the list of challenges identified in the report.

ENISA has identified several certification schemes specific to ICS/SCADA cybersecurity, such as the International Society of Automation’s ISA 99/IEC 62443 Cyber Security Certificate Program, the SANS Global Industrial Cyber Security Professional certification (GICSP), and the Certified ICS/SCADA Security Architect (CSSA) certification from the Information Assurance Certification Review Board.

Current certifications have a theoretical approach and the EU agency believes a practical aspect should be included in future programs. However, including a practical component can be challenging because ICS operations usually need to be executed continuously, which makes it difficult to put knowledge into practice on production systems.

Advertisement. Scroll to continue reading.

There is currently only a limited offer of ICS/SCADA cybersecurity training programs. The list of organizations that provide such courses includes ICS-CERT, CCI-ES, ENCS, Firebrand, InfoSecure, TSTC, Deloitte, and SCADAHacker.

A survey conducted by ENISA has revealed that only 55% of ICS/SCADA experts are aware of existing certification schemes. While three quarters of respondents are considering getting certified, only one third of them have obtained or are in the process of obtaining a cybersecurity certificate.

Interviewed experts believe existing certifications should be used as a foundation for building comprehensive European certification schemes.

ENISA has provided a series of recommendations for the public and private sectors in the EU regarding the development of future ICS/SCADA cybersecurity certifications. The recommendations include creating a steering committee to evaluate the criteria for reviewing and assessing current and future certifications, developing simulation environments for practical training, and creating a framework to define the main features and contents of future schemes.

“ICS/SCADA cyber security is at the core of many industrial processes and a growing field which will present commercial and industrial opportunities. Specialised schemes certifying the skills of cyber security experts working on ICS/SCADA would be advantageous to industry sectors and sub-sectors, and important in ensuring the level of cyber security across Europe,” noted Prof. Udo Helmbrecht, the executive director of ENISA.

The complete study, Certification of Cyber Security skills of ICS/SCADA professionals, is available online.

Related Content

ICS/OT

The 2026 Industrial Control Systems (ICS) Cybersecurity Conference takes place October 6-8, 2026, at the W Nashville.

ICS/OT

The US government has warned that Iran-linked hackers are manipulating PLCs and SCADA systems to cause disruption.

ICS/OT

Join us as speakers from Cisco outline important steps industrial organizations can take to safeguard operations, achieve compliance, and enable sustainable growth.

ICS/OT

Over 20 advisories have been published by industrial giants this Patch Tuesday.

ICS/OT

Honeywell has patched several critical and high-severity vulnerabilities in its Experion PKS  industrial process control and automation product.

ICS/OT

Industrial solutions providers Siemens, Schneider Electric and Phoenix Contact have released July 2025 Patch Tuesday ICS security advisories.

ICS/OT

Censys researchers follow some clues and find hundreds of control-room dashboards for US water utilities on the public internet.

ICS/OT

More than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version