With all the attention on SCADA and Industrial Control Systems cyber security in the year following Stuxnet, ENISA, Europe’s cyber security agency, has issued the results of a study that describes the current situation on Industrial Control Systems (ICS) security and proposes recommendations for improving it.
In the last decade, Industrial Control Systems have faced a notable number of incidents, including the well-known Stuxnet attack, and the recent DuQu malware, described by some as the precursor to the next Stuxnet.
In 2011, ENISA worked on the main concerns regarding ICS security, and national, pan European and international initiatives on ICS security. The stakeholders involved include ICS security tools and services providers, ICS software/hardware manufacturers, infrastructure operators, public bodies, standardization bodies, academia and R&D.
ENISA’s report proposes seven recommendations to improve current initiatives and enhance co-operation around ICS security including:
1: Creation of Pan-European and National ICS Security Strategies.
2: Creation of a Good Practices Guide for ICS security.
3: Creation of ICS security plan templates.
4: Foster awareness and training.
5: Creation of a common test bed, or alternatively, an ICS security certification framework.
6: Creation of national ICS-computer emergency response capabilities.
7: Foster research in ICS security leveraging existing Research Programs.
“Real security for Industrial Control Systems can be only achieved with a common effort, characterized by cooperation, knowledge exchange and mutual understanding of all involved stakeholders,” says Rafal Leszczyna, editor of the report.
“Our study clearly shows that there is still a lot to be done in this area by all relevant stakeholders. We hope that our seven recommendations will lead to significant improvement,” said Udo Helmbrecht, Executive Director of ENISA. .
The full report is available here.
Related Reading: Bridging the Air Gap: Examining Attack Vectors into Industrial Control Systems
Related Reading: Are Industrial Control Systems Secure?
Related Reading: How to Make the Smart Grid Smarter than Cyber Attackers
Related Reading: The Increasing Importance of Securing The Smart Grid
Related Reading: Stuck on Stuxnet – Are Grid Providers Prepared for Future Assaults?