The European Network and Information Security Agency (ENISA) just released a new study this month that looks at protecting the security of industrial control (or SCADA) systems (ICS).
The study recognizes that industrial control systems are truly a strategic asset and must be protected against the rising potential of cyber terrorist attacks with
The research and survey-based study resulted in seven specific recommendations and they are considered a “priority.” They include:
1. Creation of Pan-European and National ICS Security Strategies
2. Creation of a Good Practices Guide for ICS security
3. Creation of ICS security plan templates
4. Foster awareness and training
5. Creation of a common test bed, or alternatively, an ICS security certification framework
6. Creation of national ICS-computer emergency response capabilities
7. Foster research in ICS security leveraging existing Research Programs
The objective of this effort was to provide to those in the public and private sector who are involved with industrial control systems with common set of practical guidelines on addressing the growing threat of cyber attacks.
Some call this motherhood and apple pie; others are quick to point out that you have to start somewhere and this is a good starting point.
What is not addressed is mandating improvements in cyber security for providers of critical infrastructure.
Without a clear mandate that includes enforcement and reporting, it is anyone’s guess to what extent these seven recommendations will be implemented.
This is not the first such report that has come out on industrial control systems security. In fact, these recommendations are very similar to what has been openly talked about by security groups and industrial control engineers on the web and in trade and professional publications.
Will this be more of the same – all talk with little action? Only time will tell.
Kevin G. Coleman is a long-time security technology executive and former Chief Strategist at Netscape. He is Senior Fellow with the Technolytics Institute, where he provides consulting services on strategic technology and security issues.
Read other Cyber Intelligence articles by Kevin G. Coleman.