ENISA Issues Seven Recommendations To Improve ICS Security

ENISA, the European Network and Information Security Agency, has called on European Union (EU) member states to improve their protection against potential attacks on Industrial Control Systems (ICS) and to work closer together to prevent cyber attacks.

The findings are published in a study of European ICS security, which includes seven recommendations for European countries.

Come Together

ICS are command and control networks and systems which are designed to support industrial processes such as gas and electricity distribution, water, oil refining and railway transportation. Their importance has resulted in them being a prime target for potential cyber attackers and terrorists.

ENISA’s recommendations include the creation of national and pan-European ICS security strategies, the publication of a good practice guide on ICS security, increased research activities, the establishment of a common test bed and IC computer emergency response capabilities.

The European Commission (EC) has long called for its members to do more to prepare for cyber attacks and earlier this year proposed a number of measures. These included the creation of a European cyber-incident contingency plan by 2012, the organisation of regular national and pan-European cyber incident exercises and strategic partnerships with non-EU countries, especially the US.

The EU and USA held a joint-operation last month which used simulated cyber-crisis scenarios to see how the two bodies would engage in the event of a cyber attack on critical information infrastructures.

Increased Threat

The threat of attacks on ICS and Supervisory Control And Data Acquisitions (SCADA) systems has increased in recent years, causing many governments to be more wary of such attacks.

Earlier this month, the FBI disclosed that cyber attackers had accessed the critical infrastructure of three cities in the US by compromising the industrial control systems.

The threat of espionage also has governments worried. Stuxnet, one of the most sophisticated pieces of malware ever seen, was believed to have targeted Iran’s uranium enrichment programme, apparently setting the operation back by years.

Stuxnet’s level of complexity led many to suggest that it was created by a nation state and earlier this year a new piece of malware, Duqu, was so similar Stuxnet, that it was believed that the creator must have had access to the source code, causing it to be dubbed “Stuxnet 2.0”

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago