Watch on Demand: Attack Surface Management Summit | All Sessions Now Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

ENISA Issues Recommendations for Improving Industrial Control Systems Security

With all the attention on SCADA and Industrial Control Systems cyber security in the year following Stuxnet, ENISA, Europe’s cyber security agency, has issued the results of a study that describes the current situation on Industrial Control Systems (ICS) security and proposes recommendations for improving it.

With all the attention on SCADA and Industrial Control Systems cyber security in the year following Stuxnet, ENISA, Europe’s cyber security agency, has issued the results of a study that describes the current situation on Industrial Control Systems (ICS) security and proposes recommendations for improving it.

In the last decade, Industrial Control Systems have faced a notable number of incidents, including the well-known Stuxnet attack, and the recent DuQu malware, described by some as the precursor to the next Stuxnet.

In 2011, ENISA worked on the main concerns regarding ICS security, and national, pan European and international initiatives on ICS security. The stakeholders involved include ICS security tools and services providers, ICS software/hardware manufacturers, infrastructure operators, public bodies, standardization bodies, academia and R&D.

ENISA’s report proposes seven recommendations to improve current initiatives and enhance co-operation around ICS security including:

1: Creation of Pan-European and National ICS Security Strategies.

2: Creation of a Good Practices Guide for ICS security.

3: Creation of ICS security plan templates.

4: Foster awareness and training.

Advertisement. Scroll to continue reading.

5: Creation of a common test bed, or alternatively, an ICS security certification framework.

6: Creation of national ICS-computer emergency response capabilities.

7: Foster research in ICS security leveraging existing Research Programs.

“Real security for Industrial Control Systems can be only achieved with a common effort, characterized by cooperation, knowledge exchange and mutual understanding of all involved stakeholders,” says Rafal Leszczyna, editor of the report.

“Our study clearly shows that there is still a lot to be done in this area by all relevant stakeholders. We hope that our seven recommendations will lead to significant improvement,” said Udo Helmbrecht, Executive Director of ENISA. .

The full report is available here.

Related Reading: Bridging the Air Gap: Examining Attack Vectors into Industrial Control Systems

Related Reading: Are Industrial Control Systems Secure?

Related Reading: How to Make the Smart Grid Smarter than Cyber Attackers

Related Reading: The Increasing Importance of Securing The Smart Grid

Related Reading: Stuck on Stuxnet – Are Grid Providers Prepared for Future Assaults?

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Bob Turner has been named CISO at Penn State University.

V2X has appointed Christopher Carter as CISO.

Andrew McLaughlin has been appointed Chief Operating Officer at SandboxAQ.

More People On The Move

Expert Insights