Search results

296 items matching your search terms.
Filter the results.
Item type

New items since

Sort by relevance · date (newest first) · alphabetically
Report/Study application/x-troff-ms Window of exposure… a real problem for SCADA systems?
Much of Europe’s critical infrastructure which resides in sectors such as energy, transportation,water supply is largely managed and controlled by SCADA (Supervisory Control and Data Acquisition) systems, a subgroup of Industrial Control Systems (ICS). In the last decade SCADA technology has passed through a transformation, from isolated and proprietary systems into open architectures and standard technologies that are highly interconnected with other corporate networks and the Internet. A consequence of this transformation is the increased vulnerability to outside attacks. One way to enhance the security of SCADA is through the application of patches. Ideally an organization would deploy patches as soon as they come available, however this is often not possible because of the complexity of the process in which SCADA systems are incorporated and because the systems often need to be operable at any given moment. Furthermore patches need to be tested thoroughly before they can be applied to production environment, which can take days or even weeks, during which a system is vulnerable. Alternative controls should be used during the WINDOW OF EXPOSURE for preventing a vulnerability to be exploited. For instance, when a webserver vulnerability has been discovered the organization could, if possible, block unwanted traffic to the webserver or disable the webserver all together.
Located in Publications
Report/Study Good Practices for an EU ICS Testing Coordination Capability
There is growing interest in ICS security testing in Europe. This has led to the current situation in which several initiatives have emerged. Unfortunately, they are mostly considered immature, with poor or no coordination between them and room for improvement in methodologies, standards and educational resources. Most experts consider that leveraging these efforts under a coordinated programme could help to raise the status of ICS security testing. In order to provide ICS security testing capabilities in the European Union, it is important to understand the needs of the community, and the main objectives that must be taken into consideration. An independent testing coordination capability, aligned with current standards, supported by public institutions and able to provide value to all involved stakeholders is required, but some other topics, such as the importance of making testing mandatory, are still under discussion.
Located in Publications
Report/Study Certification of Cyber Security skills of ICS/SCADA professionals
This document explores how current initiatives on certification of professional skills are related to the topic of ICS/SCADA cyber security. It also identifies the challenges and proposes a series of recommendations towards the development of certification schemes for ICS/SCADA cyber security professionals.Pursuant to interviews with experts worldwide and the analysis of the results of an online survey, this report proposes a series of recommendations for the development of cyber security certifications for ICS/SCADA professionals.
Located in Publications
Report/Study Analysis of ICS-SCADA Cyber Security Maturity Levels in Critical Sectors
This study reveals the current maturity level of ICS-SCADA cyber security in Europe and identifies good practices used by European Member States to improve this area. The first and second part of this study introduces us to the ICS-SCADA cyber security topic, explains the role of ICS-SCADA in critical sectors and summarizes the methodology of this study. During the desk research, current activities of different Member States in the area of ICS-SCADA cyber security were also identified, including related activities, legislation status, existing cyber security strategies and the responsibility matrix of entities dedicated to improve the level of ICS-SCADA cyber security in each country.
Located in Publications
Report/Study ENISA Smart Grid Security Recommendations
This study makes 10 recommendations to the public and private sector involved in the definition and implementation of smart grids. These recommendations intend to provide useful and practical advice aimed at improving current initiatives, enhancing co-operation, raising awareness, developing new measures and good practices, and reducing barriers to information sharing.
Located in Publications
Report/Study Appropriate security measures for smart grids
This document introduces a set of cyber security measures for smart grids. These measures are organised in ten (10) domains and three sophistication levels.
Located in Publications
Report/Study Cyber Security Aspects in the Maritime Sector
This report is the first EU report ever on cyber security challenges in the Maritime Sector. This principal analysis highlights essential key insights, as well as existing initiatives, as a baseline for cyber security. Finally, high-level recommendations are given for addressing these risks, Cyber threats are a growing menace, spreading to all industry sectors that relying on ICT systems. Recent deliberate disruptions of critical automation systems, such as Stuxnet, prove that cyber-attacks have a significant impact on critical infrastructures. Disruption of these ICT capabilities may have disastrous consequences for the EU Member States’ governments and social wellbeing. The need to ensure ICT robustness against cyber-attacks is thus a key challenge at national and pan-European level.
Located in Publications
Report/Study text/texmacs Mutual Aid Agreements
This Mutual Aid for Resilient Infrastructure in Europe (MARIE) Phase 1 Report presents twelve Key Observations about MAAs and in so doing lays the foundation for a number of recommendations, which are planned for the MARIE Phase 2 Report (in 2012). As one of the most prominent obstacles to further utilization of MAAs is organizations embracing emergency preparedness responsibilities that extend all the way out through to low probability and high impact events, many of the observations offered here are tightly coupled with emergency preparedness motivation. Phases 3 and 4 are designed to serve as implementation and monitoring periods, which will be essential to the full benefit realization of this mutual aid initiative.
Located in Publications
Report/Study Troff document Mutual Aid for Resilient Infrastructure in Europe (M.A.R.I.E.) - Phase II: Recommendations Report
This report presents 5 main recommendations which will –if implemented- improve emergency preparedness for ICT Stakeholders. The results of the preliminary study performed in 2011 showed that the preparedness for Black Swan events (low probability / high impact) cannot be handled in isolation, and that one of the possible responses to this issue could be the use of Mutual Aid Agreements. The recommendations intend to provide a high level coverage to raise awareness and encourage their development.
Located in Publications
Report/Study Methodologies for the identification of Critical Information Infrastructure assets and services
This study aims to tackle the problem of identification of Critical Information Infrastructures in communication networks. The goal is to provide an overview of the current state of play in Europe and depict possible improvements in order to be ready for future threat landscapes and challenges.
Located in Publications

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information