What can we learn from ICS/SCADA security incidents?
Posted on 09 October 2013.
Increasing numbers of recent security incidents against industrial control systems/SCADA raise questions about the ability of many organisations to respond to critical incidents, as well as about their analytical capabilities. A proactive learning environment through ex-post analysis incidents is therefore key, according to ENISA.


ICS are widely used to control industrial processes for manufacturing, production and distribution of products. Often commercial, outdated off-the-shelf software is used. Well-known types of ICS include supervisory control and data acquisition (SCADA), where SCADA systems are the largest ICS subgroup.

Recent ICS/SCADA incidents underline the importance of good governance and control of SCADA infrastructures. In particular, the ability to respond to critical incidents, as well as the capacity to analyse the results of an attack in order to learn from such incidents is crucial.

ENISA released a white paper giving recommendations regarding prevention and preparedness for an agile and integrated response to cyber security attacks and incidents against Industrial Control Systems. They identified four key points for a proactive learning environment which will in turn ensure a fast response to cyber incidents and their ex-post analysis:
  • Complementing the existing skills base with ex-post analysis expertise and understanding overlaps between cyber and physical critical incident response teams;
  • Facilitating the integration of cyber and physical response processes with a greater understanding of where digital evidence may be found and what the appropriate actions to preserve it would be;
  • Designing and configuring systems in a way that enables digital evidence retention; and
  • Increasing inter-organisational and interstate collaboration efforts.
The Executive Director of ENISA Professor Udo Helmbrecht comments: "SCADA systems are often embedded in sectors that are part of a nation's critical infrastructure, for example power distribution and transportation control, which makes them an increasingly attractive potential target for cyber attacks, ranging from disgruntled insiders and dissident groups, to foreign states. Such systems should be operated in a manner which allows for the collection and analysis of digital evidence to identify what happened during a security breach."





Spotlight

Internet Explorer vulnerabilities increase 100%

Posted on 23 July 2014.  |  Bromium Labs research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //