ENISA White Paper: Can we learn from SCADA security incidents?


The EU’s cybersecurity agency ENISA has released a white paper giving recommendations regarding prevention and preparedness for an agile and integrated response to cybersecurity attacks and incidents against Industrial Control Systems (ICSs)/SCADA.

Increasing numbers of recent security incidents against ICSs/SCADA raise questions about the ability of many organizations to respond to critical incidents, as well as about their analytical capabilities. A proactive learning environment through ex-post analysis of incidents is therefore key, the Agency underlines.

ICSs are widely used to control industrial processes for manufacturing, production and distribution of products. Often, outdated commercial off-the-shelf software is used. Well-known types of ICSs include supervisory control and data acquisition (SCADA) systems, which are the largest ICS subgroup. Recent ICS/SCADA incidents underline the importance of good governance and control of SCADA infrastructures. In particular, the ability to respond to critical incidents, as well as the capacity to analyze the results of an attack in order to learn from such incidents, is crucial, the Agency underlines.

The goal of an ex-post incident analysis is to obtain in-depth knowledge regarding the incident. This gives you the ability to:

  • Rely on robust evidence in order to respond to the changing nature of domestic and alien threats
  • Ensure that enough learning takes place in order to deploy resilient systems.

Four key points are identified for a proactive learning environment, which will in turn ensure a fast response to cyber incidents and their ex-post analysis:

  • Complementing the existing skills base with ex-post analysis expertise and understanding overlaps between cyber and physical critical incident response teams
  • Facilitating the integration of cyber and physical response processes with a greater understanding of where digital evidence may be found and what the appropriate actions to preserve it would be
  • Designing and configuring systems in a way that enables digital evidence retention, and
  • Increasing inter-organizational and interstate collaboration efforts.
