Brussels, 27/01/2014 (Agence Europe) - The European Network and Information Security Agency (ENISA) has published a report putting forward recommendations for the coordinated testing of the often outdated industrial control systems (ICS) used by European industries. With the testing of ICS being one of the major concerns of the member states, ENISA believes it should be addressed at European level. “There is an evident necessity to increase security in critical information infrastructure and ICS systems. The risks are increasing and highly knowledgeable attackers and natural disasters have shown the weaknesses of the systems. All public and private entities involved are strongly advised to seriously address these security concerns”, said the executive director of ENISA, Udo Helmbrecht.
ICS for energy, water and transport depend on information technologies that bring benefits in efficiency, cost and process automation. These systems can nevertheless present security gaps, some well known and others new, unidentified or uncorrected. Designed as independent systems, they are not subject to adequate security requirements and are not prepared to deal with current threats. ENISA advocates a specific strategy to define the objectives, mission and vision for a test coordination capability at European level. In its report, it studies how EU action could be coordinated so as to reach a satisfactory level of harmonisation, independence and reliability of testing capabilities for ICS. Seven recommendations are put forward: (1) the creation of a test coordination capability under public European leadership; (2) the establishment of a trusted and functional executive board; (3) the creation of specific working groups; (4) the definition of a financial model which is suited to the current European context; (5) carrying out a feasibility study on how testing should be organised; (6) cooperation agreements with other organisations dealing with ICS security systems; and (7) the establishment of a knowledge management programme for ICS testing. (IL/transl.fl)