Critical infrastructures, such as electricity generation plants, transportation systems, oil refineries, chemical factories and manufacturing facilities are large, distributed complexes. Plant operators must continuously monitor and control many different sections of the plant to ensure its proper operation. During the last decades this remote command and control has been made feasible due to the development of networking technology and the advent of Industrial Control Systems (ICS). ICS are command and control networks and systems designed to support industrial processes. The largest subgroup of ICS is SCADA (Supervisory Control and Data Acquisition) systems.
ICS have passed through a significant transformation from proprietary, isolated systems to open architectures and standard technologies highly interconnected with other corporate networks and the Internet. Today ICS products are mostly based on standard embedded systems platforms, applied in various devices, such as routers or cable modems, and they often use commercial off-the shelf software. All this has resulted in reduction of costs, ease of use and enabled the remote control and monitoring from various locations. However, an important drawback derived from the connection to intranets and communication networks, is the increased vulnerability to computer network-based attacks.
With the report Protecting Industrial Control Systems. Recommendations for Europe and Member States started its efforts in ICS SCADA security. Further details of the study as well as broad information on the relevant topics are:
- Annex I: Desktop Research Results
- Annex II. Survey and Interview Analysis
- Annex III. ICS Security Related Standards, Guidelines and Policy Documents
- Annex IV. ICS Security Related Initiatives
- Annex V. Key Findings
- Annex VI. Minutes of the Workshop
Since then, ENISA has published several studies
- Analysis of ICS-SCADA Cyber Security Maturity Levels in Critical Sectors
- Certification of Cyber Security skills of ICS/SCADA professionals
- Good Practices for an EU ICS Testing Coordination Capability
- Window of exposure… a real problem for SCADA systems?
- Can we learn from SCADA security incidents?
In 2014 ENISA established the ENISA ICS Security Stakeholder Group and in 2015 took over the coordination of EuroSCSIE - European SCADA and Control Systems Information Exchange.