Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

ENISA Issues Recommendations for Improving Industrial Control Systems Security

With all the attention on SCADA and Industrial Control Systems cyber security in the year following Stuxnet, ENISA, Europe’s cyber security agency, has issued the results of a study that describes the current situation on Industrial Control Systems (ICS) security and proposes recommendations for improving it.

With all the attention on SCADA and Industrial Control Systems cyber security in the year following Stuxnet, ENISA, Europe’s cyber security agency, has issued the results of a study that describes the current situation on Industrial Control Systems (ICS) security and proposes recommendations for improving it.

In the last decade, Industrial Control Systems have faced a notable number of incidents, including the well-known Stuxnet attack, and the recent DuQu malware, described by some as the precursor to the next Stuxnet.

In 2011, ENISA worked on the main concerns regarding ICS security, and national, pan European and international initiatives on ICS security. The stakeholders involved include ICS security tools and services providers, ICS software/hardware manufacturers, infrastructure operators, public bodies, standardization bodies, academia and R&D.

ENISA’s report proposes seven recommendations to improve current initiatives and enhance co-operation around ICS security including:

1: Creation of Pan-European and National ICS Security Strategies.

2: Creation of a Good Practices Guide for ICS security.

3: Creation of ICS security plan templates.

4: Foster awareness and training.

5: Creation of a common test bed, or alternatively, an ICS security certification framework.

6: Creation of national ICS-computer emergency response capabilities.

7: Foster research in ICS security leveraging existing Research Programs.

“Real security for Industrial Control Systems can be only achieved with a common effort, characterized by cooperation, knowledge exchange and mutual understanding of all involved stakeholders,” says Rafal Leszczyna, editor of the report.

“Our study clearly shows that there is still a lot to be done in this area by all relevant stakeholders. We hope that our seven recommendations will lead to significant improvement,” said Udo Helmbrecht, Executive Director of ENISA. .

The full report is available here.

Related Reading: Bridging the Air Gap: Examining Attack Vectors into Industrial Control Systems

Related Reading: Are Industrial Control Systems Secure?

Related Reading: How to Make the Smart Grid Smarter than Cyber Attackers

Related Reading: The Increasing Importance of Securing The Smart Grid

Related Reading: Stuck on Stuxnet – Are Grid Providers Prepared for Future Assaults?

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture

ICS/OT

The White House announced on Wednesday that the Industrial Control Systems (ICS) Cybersecurity Initiative has been expanded to include the chemical sector.

ICS/OT

Security orchestration, automation and response (SOAR) provider Swimlane on Monday announced the launch of a security automation solution ecosystem for operational technology (OT) environments.

Data Protection

Artificial intelligence is more artificial than intelligent.

Application Security

Incident Response

Created and maintained by MITRE, MITRE D3FEND is a framework that provides a library of defensive cybersecurity countermeasures and technical components to help organizations...