The EU’s cyber security agency ENISA has provided a new manual for better mitigating attacks on Industrial Control Systems (ICS), supporting vital industrial processes primarily in the area of critical information infrastructure (such as the energy and chemical transportation industries) where sufficient knowledge is often lacking. As ICS are now often connected to Internet platforms, extra security preparations have to be taken. This new guide provides the necessary key considerations for a team charged with ICS Computer Emergency Response Capabilities (ICS-CERC).
Industrial Control Systems are indispensable for a number of industrial processes, including energy distribution, water treatment, transportation, as well as chemical, government, defence and food processes. The ICS are lucrative targets for intruders, including criminal groups, foreign intelligence, phishers, spammers or terrorists. Cyber-incidents affecting ICS can have disastrous effects on a country’s economy and on people’s lives. They can cause long power outages, paralyse transports and cause ecological catastrophes. Therefore, the ability to respond to and mitigate the impact of ICS incidents is crucial for protecting critical information infrastructure and enhancing cyber-security on a national, European and global level. Consequently, ENISA has prepared this guide about good practices for prevention and preparedness for bodies with ICS-CERC and highlights the following conclusions;