ENISA publishes a study on the "Communication network dependencies for ICS-SCADA Systems"
February 2017 by ENISA
The use of long-range communication networks, and especially the Internet, has revolutionised ICS-SCADA systems and architectures. Network communication has proven to be an effective means of operating and maintaining these infrastructures remotely and in real time. These networks have therefore become vital assets, providing functionality that would otherwise be impossible. However, this also opens the way for new threat vectors that can potentially compromise the efficient and secure operation of these systems.
These threats are not necessarily new; many are inherited from networking technologies that have long been in use in IT, which means that countermeasures are already available to mitigate or even eliminate them.
ENISA’s study on communication network dependencies aims to help asset owners defend their critical infrastructures from emerging cyber threats. The main objective is to provide insight into the communication network interdependencies currently present in industrial infrastructures and environments, mapping critical assets, assessing possible attacks and identifying potential good practices and security measures to apply.
After the most critical assets had been mapped through interviews with experts in the field, the three most worrying potential attack scenarios were developed, considering their potential impact and the assets that could be affected. Taking into consideration the experts’ views on available standards, good practices and security measures, a series of recommendations has been developed, including, among others, the following:
Include security as a main consideration during the design phase of ICS-SCADA systems.
Establish brainstorming and communication channels for the different participants in the lifecycle of the devices to exchange needs and solutions.
Include the periodic ICS-SCADA device update process as part of the main operations of the systems.
Promote increased collaboration amongst policy decision makers, manufacturers and operators at an EU level.
Prof. Udo Helmbrecht, Executive Director of ENISA, said: "ICS-SCADA are at the core of European critical infrastructures, and have to be protected against emerging cyber threats, as more and more attacks are affecting these systems."
ENISA’s future work in the field aims at enhancing the security and resilience of European critical infrastructures. In the context of the NIS Directive, ENISA will assist Member States and the European Commission by providing expertise and advice, as well as developing and facilitating the exchange of good practices, with the ultimate goal of enabling a higher level of security for Europe’s critical infrastructure. Furthermore, to understand the cybersecurity challenges involved in the domain of ICS-SCADA, ENISA coordinates EuroSCSIE and created the EICS Expert Group.