The European Network and Information Security Agency (ENISA) has published the results of a study on Industrial Control Systems (ICS) security.
ICS systems provide operations control for critical infrastructure and production networks including manufacturing facilities, refineries, hydroelectric and nuclear power plants.
"In the last decade, these systems have faced a notable number of incidents. These include the Stuxnet attack, which is believed to have used bespoke malware to target nuclear control systems in Iran, and the recent DuQu -‘upgraded variant’ of this malware. These incidents caused great security concerns among ICS users," an ENISA press release notes.
A recent study conducted by ENISA which provides analysis of the DuQu Trojan included a warning that Europe's industrial control systems (ICS) and supervisory control and data acquisition (SCADA) networks are ill prepared to cope with similar threats.
Given that systems governing critical infrastructure systems in the United States are more or less the same as those of their European counterparts, American stakeholders should take note of the ENISA DuQu study and this most recent report on ICS security mitigation recommendations.
The new ENISA report evaluates the current state of ICS security and offers seven recommendations for improvement.
"This final report proposes seven practical, useful recommendations to public and private sector ICS-actors, as to improve current initiatives and enhance co-operation. The recommendations call for the creation of national and pan-European ICS security strategies, a Good Practice Guide on ICS security, research activities, the establishment of a common test bed and ICS-computer emergency response capabilities," the ENISA stement said.
Download the full ENISA report here: