Recommendations to help the security of ICS-SCADA systems

The use of long-range communication networks, and specially the Internet, has revolutionised ICS-SCADA systems and architectures. The use of network communication in these systems has proven to be an effective way of gaining a means for remotely operating and maintaining these infrastructures in real-time. Therefore, these have become vital assets providing a functionality otherwise impossible. However, this also opens up the way for new threat vectors that can potentially compromise the efficient and secure operation of these systems.

security ICS-SCADA systems

These threats are not necessarily new; many are inherited from the use of networking technologies – in use in IT areas for a long time now – which ultimately results in countermeasures being already available to mitigate or even eliminate them.

ENISA’s study on communication network dependencies aims to help asset owners defend their critical infrastructures from emerging cyber threats.

The main objective is to provide insight into the communication network interdependencies currently present in industrial infrastructures and environments, mapping critical assets, assessing possible attacks and identifying potential good practices and security measures to apply.

Recommendations

After having mapped the most critical assets through interviews with experts in the field, the three most worrying potential attack scenarios, considering their potential impact and the assets that could be affected, were developed.

Taking into consideration the experts’ views on available standards, good practices and security measures, and a series of recommendations have been developed including, among others, the following:

  • Include security as a main consideration during the design phase of ICS-SCADA systems.
  • Establish brainstorming and communication channels for the different participants in the lifecycle of the devices to exchange needs and solutions.
  • Include the periodic ICS-SCADA device update process as part of the main operations of the systems.

Promote increased collaboration amongst policy decision makers, manufacturers and operators at an EU Level.

“ICS-SCADA are at the core of European critical infrastructures, and have to be protected against emerging cyber threats, as more and more, attacks are affecting these systems,” said Prof. Udo Helmbrecht, Executive Director of ENISA.