14 DAY TRIAL // Over the past period, more and more experts have warned of the risks of cyberattacks aimed at Industrial Control Systems (ICS). That’s why the European Network and Information Security Agency (ENISA) has published a new guide to help organizations protect their infrastructure against attacks.
ICS are utilized to power critical processes in many sectors, including water treatment, transport, and energy distribution. Since these systems are often connected to the Web, it’s important to make sure they’re properly protected against threats from cyberspace.
The manual contains recommendations for teams with ICS Computer Emergency Response Capabilities (ICS-CERC).
ENISA highlights the fact that since ICS are indispensable for the seamless operation of critical infrastructure, availability is considered the highest priority. However, the entities responsible for ICS don’t always have what it takes to properly secure them.
On the other hand, CERTs, the organizations that do have the security expertise, don’t always understand the technical aspects.
When hiring staff for ICS-CERC teams, organizations must properly vet all candidates and make sure they’re willing to respond to incidents during non-working hours. Also, they must be capable of working well under pressure.
Another important aspect in protecting ICS lies in the cooperation between stakeholders, on both domestic and international levels.
ENISA believes the challenges can be overcome by making use of existing global and European experience, and an efficient use and exchange of good practices.
“Until a few decades ago, ICS functioned in discrete, separated environments, but nowadays they are often connected to the Internet. This enables streamlining and automation of industrial processes, but it also increases the risk of exposure to cyber-attacks,” commented ENISA Executive Director Professor Udo Helmbrecht.
The complete guide on mitigating attacks against ICS is available on ENISA’s website.