ENISA
https://www.enisa.europa.eu
National Roaming for Resilience
https://www.enisa.europa.eu/publications/national-roaming-for-resilience
Mobile communications are an integral part of everyday life. In less than 30 years they have surpassed the traditional fixed line telephony. Every day millions of European citizens rely on mobile telephony for work, social life, but also to contact emergency services. Hence outages of a mobile network can have a severe impact on the economy and on society. Mobile network outages are common. In 2012, EU Member States reported 79 significant incidents of electronic communications to ENISA and the European Commission. Most of these incidents had an impact on mobile telephony and mobile Internet. The goal of this report is to help National Regulatory Authorities (NRAs) understand if and how roaming at national level could be used to improve resilience of mobile communication networks and services in case of large outages and start the discussion with the market players around this topic.
No publisher | Critical Information Infrastructure Protection (CIIP) | 2013/11/27 02:05:00 GMT+2 | Report/Study

Critical Cloud Computing-A CIIP perspective on cloud computing services
https://www.enisa.europa.eu/publications/critical-cloud-computing
In this report we look at cloud computing from a Critical Information Infrastructure Protection (CIIP) perspective and we look at a number of scenarios and threats relevant from a CIIP perspective, based on a survey of public sources on uptake of cloud computing and large cyber attacks and disruptions of cloud computing services.
No publisher | Critical Information Infrastructure Protection (CIIP), Cloud Computing Security | 2013/02/14 10:30:00 GMT+2 | Report/Study

Communication network interdependencies in smart grids
https://www.enisa.europa.eu/publications/communication-network-interdependencies-in-smart-grids
This study focuses on the evaluation of the interdependencies and communications between all the assets that make up the new power grids, their architectures and connections in order to determine their importance, threats, risks, mitigation factors and possible security measures to implement. To obtain this information, experts in the fields and areas related directly with smart grids were contacted to gather their know-how and expertise.
No publisher | Critical Information Infrastructure Protection (CIIP), Resilience, Smart Grids | 2016/01/29 00:00:00 GMT+2 | Report/Study

Can we learn from SCADA security incidents?
https://www.enisa.europa.eu/publications/can-we-learn-from-scada-security-incidents
Security experts across the world continue to sound the alarm bells about the security of Industrial Control Systems (ICS). Industrial Control Systems look more and more like consumer PCs. They are used everywhere and involve a considerable amount of software, often outdated and unpatched. Recent security incidents in the context of SCADA and Industrial Control Systems emphasise greatly the importance of good governance and control of SCADA infrastructures. In particular the ability to respond to critical incidents and be able to analyse and learn from what happened is crucial.
No publisher | Critical Information Infrastructure Protection (CIIP) | 2013/10/09 01:00:00 GMT+2 | Report/Study

Window of exposure… a real problem for SCADA systems?
https://www.enisa.europa.eu/publications/window-of-exposure-a-real-problem-for-scada-systems
Much of Europe’s critical infrastructure, which resides in sectors such as energy, transportation and water supply, is largely managed and controlled by SCADA (Supervisory Control and Data Acquisition) systems, a subgroup of Industrial Control Systems (ICS). In the last decade SCADA technology has passed through a transformation, from isolated and proprietary systems into open architectures and standard technologies that are highly interconnected with other corporate networks and the Internet. A consequence of this transformation is the increased vulnerability to outside attacks. One way to enhance the security of SCADA is through the application of patches. Ideally an organization would deploy patches as soon as they become available; however, this is often not possible because of the complexity of the process in which SCADA systems are incorporated and because the systems often need to be operable at any given moment. Furthermore, patches need to be tested thoroughly before they can be applied to a production environment, which can take days or even weeks, during which a system is vulnerable. Alternative controls should be used during the WINDOW OF EXPOSURE to prevent a vulnerability from being exploited. For instance, when a webserver vulnerability has been discovered the organization could, if possible, block unwanted traffic to the webserver or disable the webserver altogether.
No publisher | Critical Information Infrastructure Protection (CIIP) | 2013/12/06 02:05:00 GMT+2 | Report/Study

Good Practices for an EU ICS Testing Coordination Capability
https://www.enisa.europa.eu/publications/good-practices-for-an-eu-ics-testing-coordination-capability
There is growing interest in ICS security testing in Europe. This has led to the current situation in which several initiatives have emerged. Unfortunately, they are mostly considered immature, with poor or no coordination between them and room for improvement in methodologies, standards and educational resources. Most experts consider that leveraging these efforts under a coordinated programme could help to raise the status of ICS security testing. In order to provide ICS security testing capabilities in the European Union, it is important to understand the needs of the community, and the main objectives that must be taken into consideration. An independent testing coordination capability, aligned with current standards, supported by public institutions and able to provide value to all involved stakeholders is required, but some other topics, such as the importance of making testing mandatory, are still under discussion.
No publisher | Critical Information Infrastructure Protection (CIIP) | 2014/01/23 02:05:00 GMT+2 | Report/Study

Certification of Cyber Security skills of ICS/SCADA professionals
https://www.enisa.europa.eu/publications/certification-of-cyber-security-skills-of-ics-scada-professionals
This document explores how current initiatives on certification of professional skills are related to the topic of ICS/SCADA cyber security. It also identifies the challenges and proposes a series of recommendations towards the development of certification schemes for ICS/SCADA cyber security professionals. Pursuant to interviews with experts worldwide and the analysis of the results of an online survey, this report proposes a series of recommendations for the development of cyber security certifications for ICS/SCADA professionals.
No publisher | Critical Information Infrastructure Protection (CIIP) | 2015/02/18 15:00:00 GMT+2 | Report/Study

Analysis of ICS-SCADA Cyber Security Maturity Levels in Critical Sectors
https://www.enisa.europa.eu/publications/maturity-levels
This study reveals the current maturity level of ICS-SCADA cyber security in Europe and identifies good practices used by European Member States to improve this area. The first and second parts of this study introduce the ICS-SCADA cyber security topic, explain the role of ICS-SCADA in critical sectors and summarize the methodology of this study. During the desk research, current activities of different Member States in the area of ICS-SCADA cyber security were also identified, including related activities, legislation status, existing cyber security strategies and the responsibility matrix of entities dedicated to improving the level of ICS-SCADA cyber security in each country.
No publisher | Critical Information Infrastructure Protection (CIIP), Resilience | 2015/12/11 10:50:00 GMT+2 | Report/Study

ENISA Smart Grid Security Recommendations
https://www.enisa.europa.eu/publications/ENISA-smart-grid-security-recommendations
This study makes 10 recommendations to the public and private sector involved in the definition and implementation of smart grids. These recommendations intend to provide useful and practical advice aimed at improving current initiatives, enhancing co-operation, raising awareness, developing new measures and good practices, and reducing barriers to information sharing.
No publisher | Critical Information Infrastructure Protection (CIIP), Good Practice, Smart Grids | 2012/07/09 14:40:00 GMT+2 | Report/Study

Appropriate security measures for smart grids
https://www.enisa.europa.eu/publications/appropriate-security-measures-for-smart-grids
This document introduces a set of cyber security measures for smart grids. These measures are organised in ten (10) domains and three sophistication levels.
No publisher | Critical Information Infrastructure Protection (CIIP), Smart Grids | 2012/12/19 00:05:00 GMT+2 | Report/Study

Cyber Security Aspects in the Maritime Sector
https://www.enisa.europa.eu/publications/cyber-security-aspects-in-the-maritime-sector-1
This report is the first EU report ever on cyber security challenges in the Maritime Sector. This principal analysis highlights essential key insights, as well as existing initiatives, as a baseline for cyber security. Finally, high-level recommendations are given for addressing these risks. Cyber threats are a growing menace, spreading to all industry sectors that rely on ICT systems. Recent deliberate disruptions of critical automation systems, such as Stuxnet, prove that cyber-attacks have a significant impact on critical infrastructures. Disruption of these ICT capabilities may have disastrous consequences for the EU Member States’ governments and social wellbeing. The need to ensure ICT robustness against cyber-attacks is thus a key challenge at national and pan-European level.
No publisher | Critical Information Infrastructure Protection (CIIP) | 2011/12/16 16:30:00 GMT+2 | Report/Study

Mutual Aid Agreements
https://www.enisa.europa.eu/publications/mutual-aid-agreements
This Mutual Aid for Resilient Infrastructure in Europe (MARIE) Phase 1 Report presents twelve Key Observations about MAAs and in so doing lays the foundation for a number of recommendations, which are planned for the MARIE Phase 2 Report (in 2012). As one of the most prominent obstacles to further utilization of MAAs is organizations embracing emergency preparedness responsibilities that extend all the way out through to low probability and high impact events, many of the observations offered here are tightly coupled with emergency preparedness motivation. Phases 3 and 4 are designed to serve as implementation and monitoring periods, which will be essential to the full benefit realization of this mutual aid initiative.
No publisher | Critical Information Infrastructure Protection (CIIP) | 2011/12/16 16:25:00 GMT+2 | Report/Study

Mutual Aid for Resilient Infrastructure in Europe (M.A.R.I.E.) - Phase II: Recommendations Report
https://www.enisa.europa.eu/publications/m-a-r-i-e-phase-ii-recommendations-report
This report presents 5 main recommendations which will, if implemented, improve emergency preparedness for ICT Stakeholders. The results of the preliminary study performed in 2011 showed that the preparedness for Black Swan events (low probability / high impact) cannot be handled in isolation, and that one of the possible responses to this issue could be the use of Mutual Aid Agreements. The recommendations intend to provide a high level coverage to raise awareness and encourage their development.
No publisher | Critical Information Infrastructure Protection (CIIP) | 2013/12/19 17:50:00 GMT+2 | Report/Study

Methodologies for the identification of Critical Information Infrastructure assets and services
https://www.enisa.europa.eu/publications/methodologies-for-the-identification-of-ciis
This study aims to tackle the problem of identification of Critical Information Infrastructures in communication networks. The goal is to provide an overview of the current state of play in Europe and depict possible improvements in order to be ready for future threat landscapes and challenges.
No publisher | Critical Information Infrastructure Protection (CIIP) | 2015/02/23 12:00:00 GMT+2 | Report/Study

Security and Resilience in eHealth Infrastructures and Services
https://www.enisa.europa.eu/publications/security-and-resilience-in-ehealth-infrastructures-and-services
The aim of this study is to investigate the approaches and measures MS take to protect critical healthcare systems, having as a main goal improved healthcare and patient safety. In that respect this study analyses:
- The policy context in Europe and the legislation of the Member States
- The perception of the Member States on critical assets in eHealth infrastructures
- The most important security challenges
- The most common security requirements
- Relevant good practices that have been deployed in the MS for eHealth security
No publisher | Critical Information Infrastructure Protection (CIIP), Health, Resilience | 2015/12/15 02:05:00 GMT+2 | Report/Study