E.U. body outlines broad security goals for industrial control systems

A Dec. 19 report by the European Network and Information Security Agency to E.U. member states proposes seven broad recommendations for improving industrial control system security. 

Among ENISA's recommendations is the creation of a common European test bed to detect security failures in a controlled environment. An alternative would be to define a security framework model adapted for ICS, along the lines of Common Criteria or the Federal Information Processing Standard, say report authors.

The report also suggests member states establish national ICS-computer emergency response capabilities, in cooperation with public and private CERTs. This will allow member states to share vulnerability information, disclose it and coordinate risk management actions, say report authors.

ENISA recommends:

  • Creation of pan-European and national ICS security strategies;
  • Creation of a best practices guide for ICS security;
  • Creation of ICS security plan templates for operators and infrastructures, which security experts could adapt to their particular situation;
  • Member states make a management commitment to ICS security by fostering awareness and training;
  • Creation of a common test bed, or alternatively, an ICS security certification framework;
  • Creation of national ICS-computer emergency response capabilities; and
  • Promotion of research in ICS security leveraging existing research programs.

For more:
- download the ENISA report
