The EU’s cyber security agency ENISA has released a good practice guide for computer emergency response teams (Certs) working with industrial control systems (ICS). The manual provides advice on mitigating attacks on critical infrastructure such as energy and pipeline industries, where cyber-security knowledge ‘is often lacking.’ ICS are increasingly connected to the internet, streamlining process automation but exposing infrastructure to the risk of exposure to cyber-attacks.
Control systems are ‘lucrative targets’ for criminal groups, foreign intelligence, phishers and terrorists. Examples include catastrophes such as oil spills, floods, leakages of dangerous chemicals, major rail incidents, or power outages (although none of these are actually referenced). The ability to respond to and mitigate the impact of ICS incidents is crucial for protecting critical information infrastructure and enhancing cyber-security on a national, European and global level.
The poorly-written, repetitive, 43 page guide is replete with jargon and acronyms and unsupported scaremongering. It is to be hoped that the online training material that ENISA provides is more to the point.
© Oil IT Journal - all rights reserved.