Organizations can learn a lot about incident response and prevention from ex-post analysis

Oct 10, 2013 09:03 GMT
ENISA publishes “Can we learn from SCADA security incidents?” white paper

The European Network and Information Security Agency (ENISA) has published a white paper detailing recommendations on prevention and response to cyberattacks and incidents against industrial control systems (ICS), particularly supervisory control and data acquisition (SCADA) systems.

The number of security incidents involving SCADA systems has increased recently, which is why it’s important for organizations to learn how to address these situations. ENISA believes that the best way to do so is through ex-post incident analysis.

Such an analysis gives organizations the ability to rely on robust evidence in responding to the changing nature of threats, and ensure that enough learning takes place in order to deploy systems that are resilient to cyber attacks.

According to ENISA, the key to protecting an organization’s ICS lies in increasing collaboration between states and companies, designing and configuring systems to enable the retention of digital evidence, and facilitating the integration of physical and cyber response processes with a greater understanding of identifying and preserving digital evidence.

In addition, understanding the overlaps between physical and cyber incident response teams and complementing the existing skills base with ex-post incident analysis expertise are also highly important.

“SCADA systems are often embedded in sectors that are part of a nation’s critical infrastructure, for example power distribution and transportation control, which makes them an increasingly attractive potential target for cyber attacks, ranging from disgruntled insiders and dissident groups, to foreign states,” said ENISA Executive Director Professor Udo Helmbrecht.

“Such systems should be operated in a manner which allows for the collection and analysis of digital evidence to identify what happened during a security breach.”

The complete white paper, titled “Can we learn from SCADA security incidents?” is available on ENISA’s website.