Industrial Control Systems/SCADA

Critical infrastructures, such as electricity generation plants, transportation systems, oil refineries, chemical factories and manufacturing facilities, are large, distributed complexes. Plant operators must continuously monitor and control many different sections of the plant to ensure its proper operation. Over the last decades, this remote command and control has been made feasible by the development of networking technology and the advent of Industrial Control Systems (ICS). ICS are command and control networks and systems designed to support industrial processes. The largest subgroup of ICS is SCADA (Supervisory Control and Data Acquisition) systems.

ICS have undergone a significant transformation from proprietary, isolated systems to open architectures and standard technologies that are highly interconnected with other corporate networks and the Internet. Today ICS products are mostly based on standard embedded systems platforms, applied in various devices, such as routers or cable modems, and they often use commercial off-the-shelf software. All this has reduced costs, improved ease of use and enabled remote control and monitoring from various locations. However, an important drawback of the connection to intranets and communication networks is the increased vulnerability to computer network-based attacks.

Recognising the importance of the problem, ENISA launched a series of activities which aim to bring together the relevant stakeholders and engage them in open discussion on ICS protection. The main goal of this dialogue is to identify the main concerns regarding the security of ICS [1] as well as to recognise and support the national, pan-European and international initiatives on ICS security. The involved stakeholders include:

  • Academia, R&D
  • ICS security tools and services providers
  • ICS software/hardware manufacturers and integrators
  • Infrastructure operators
  • Public bodies
  • Standardisation bodies

Furthermore, in order to help the stakeholders gain a deeper insight into the issue, ENISA decided to explore this problem further by delivering a research and survey-based study on this topic.

The objective of the study was to obtain the current ‘panorama’ of ICS protection, primarily in Europe but also in the international context. This picture includes threats, risks and challenges in the area of ICS protection as well as national, pan-European and international initiatives on ICS security. The analysis enabled the development of recommendations for all relevant stakeholders in order to improve the security, safety and resilience of their ICS.

An important part of the study is the workshop organised to support common discussion among all the relevant stakeholders on the subject of Industrial Control Systems (ICS) protection and to evaluate the results of the study.

The report "Protecting Industrial Control Systems. Recommendations for Europe and Member States", presenting the results of the study, was published on the 14th of December, 2011. Further details of the study, as well as broad information on the relevant topics, can be found in the annexes of the report:

[1] On different levels: legal and regulatory, organisational, dissemination and awareness, economic/financial and technical.

