11. 11
SCADA Protection: Motivation
✔ Used by Critical Infrastructure
✔ Safety vs. Security
✔ Old systems, suddenly interconnected
– Security by Obscurity?
✔ Connected to other ICT
✔ Real attackers: Stuxnet, Daesh, ...
12. 12
Let's protect Critical Infrastructure
— European Commission
https://commons.wikimedia.org/wiki/File:Berlaymont-Building-1.Jpg
15. 15
COM(2009) 149 on CIIP
●
preparedness and prevention
●
detection and response
●
mitigation and recovery
●
international cooperation
●
and criteria for EC infrastructures in the field of ICT
22. 22
ENISA Report Recommendations
●
Pan-European and National ICS Security Strategies
●
Good Practices Guide for ICS Security
●
ICS security plan templates
●
Awareness and Training
●
common test bed / security certification framework
●
national ICS-computer emergency response
●
research leveraging existing Research Programmes
23. 23
Beyond the ENISA Report
●
Cyber Europe
●
ENISA 2015 Reports:
●
Certification of Cyber Security skills of ICS/SCADA professionals
●
Analysis of ICS-SCADA Cyber Security Maturity Levels in Critical Sectors
●
A lot of work to do:
– https://www.enisa.europa.eu/media/news-items/is-europe-ready-to-protect-scada
●
See AK IT Security II
25. 25
References
•
ENISA Documents:
•
Protecting Industrial Control Systems. Recommendations for Europe and Member States
•
https://www.enisa.europa.eu/media/key-documents/brochures-and-leaflets/scada-
security-leaflet/
•
News: Is Europe ready to protect SCADA?
https://www.enisa.europa.eu/media/news-items/is-europe-ready-to-protect-scada
•
Wikipedia: SCADA
https://en.wikipedia.org/wiki/SCADA
•
Journal of Homeland Security and Emergency Management
http://www.degruyter.com/view/j/jhsem.2005.2.2/jhsem.2005.2.2.1117/jhsem.2005.2.2.1117.xml
•
Presentations: SCADA StrangeLove
https://media.ccc.de/search/?q=scada
•
Presentation: Damn Vulnerable Chemical Process
https://www.youtube.com/watch?v=TPUzNMcFb4A
26. AK IT Security II 2015/16Stefan More / smore@tugraz.at
26