Embed Size (px)
Citation preview
www.enisa.europa.eu
INITIATIVES AND CHALLENGES IN THE ICS PROTECTION – THE ROLE OF ENISA
Rafał Leszczyna
Resilience and CIIP Program, ENISA
Industrial IT Forum, Hanover, 6 April, 2011
2011-04-06 1 [email protected]
www.enisa.europa.eu
Resilience & CIIP – the Threat is Real
2011-04-06 2 [email protected]
CII Breakdown
www.enisa.europa.eu
Threat Environment
Significant physical disasters affecting CIIPs
Complex networks and services
Low quality of software and hardware
Asymmetric threats allowing remote attacks to CII
Increasing organised cybercrime and industrial espionage
Lack of international agreements and regimes
Lack of well functioning, international operational mechanism
2011-04-06 3 [email protected]
www.enisa.europa.eu
EU Activities on Resilience and CIIP
CIIP Action Plan European Public Private Partnership for Resilience (EP3R) European Forum for Member States (EFMS) Cyber Europe 2010 – first pan European Exercise European Information Sharing and Alert System Baseline capabilities for CERT
Telecom Package – article 13a
Min. security requirements and guidelines for operators Mandatory reporting of significant incidents to regulators Annual reporting of incidents to ENISA and COM
ENISA new mandate
2011-04-06 4 [email protected]
www.enisa.europa.eu
Collectively evaluate and improve resilience of European communications networks and services
EU Commission and at least 50% of the Member States made use of ENISA recommendations in their
policy making process
ENISA’s Resilience and CIIP Program
Stock taking Policies/Strategy Operators Measures Technology
Gap Analysis Gap Mitigation Good practices Guidelines
Recommendations Exercises Article 13 a SCADA EP3R and EFMS
2008 2009 2010
CIIP COM
New Telecom Package
ENISA New
Mandate
2012
2011-04-06 5 [email protected]
www.enisa.europa.eu
Industrial Control Systems
‘Old’ Technology – New Problems From isolated to widely connected systems Massive deployment of Internet protocols
Reduce cost of operation but... increase risk
Use of commercial, off-the-shelf products Remote access to systems (e.g. for maintenance and support )
Lack of understanding of cyber security issues
From physical/access control to cyber security culture Products not always state of art in cyber security Plans, measures, policies and controls … non existent
2011-04-06 6 [email protected]
www.enisa.europa.eu
ENISA’s Approach
Identify problems holistically through stock taking Technical, policy, R&D, standards, legal, socio-economic, awareness Follow a technology and operator neutral approach
Survey experts representing all relevant stakeholders What works in reality and what doesn't.., Problems in operational reality Good practices in use New or widely accepted initiatives
Develop insights and recommendations for further actions Propose new standards (ISA99, Vendor Requirements) Foster trusted information sharing (e.g. E-SCSIE) and PPPs Develop of national contingency plans Build scenarios for future exercises Identify new R&D topics Raise awareness among stakeholders Secure communications inside the SCADA systems Wide adoption of secure process control architectures
2011-04-06 7 [email protected]
www.enisa.europa.eu
Stakeholders
ICS manufacturers ICS operators ICS security tools providers Academia, R&D Public bodies involved in ICS protection Standardisation bodies
2011-04-06 8 [email protected]
www.enisa.europa.eu
Incentives
ICS manufacturers Recognise importance of cyber security issues, develop more secure products, develop more secure software
Operators Recognise importance of cyber security issues, deploy good practices, measures and controls, follow a holistic risk management approach
Member States competent bodies Recognise importance of cyber security issues, develop appropriate strategies and policies, raise the level of security of all providers, apply min security requirements
Commission Policy Makers Recognise importance of cyber security issues, engage in international co-operation, raise awareness, develop and promote good practices, support standards
2011-04-06 9 [email protected]
www.enisa.europa.eu
E-SCSIE
Excellent mechanism to share experiences, knowledge and identify problems
Critical mass of stakeholders to identify/develop and deploy good practices
ENISA strong participant with very good expertise on cyber security issues
Perfoming studies on the issues of common interest
Developing good practices
Liaising with EC/EP3R
2011-04-06 10 [email protected]
www.enisa.europa.eu
EU Activities for Smart Grids
Technology push RTD&D projects since 2003, c.a. €400 Million EU support European Technology Platform, launched in 2006 Strategic Energy Technology Plan – European Electricity Grids Initiative, launched in June 2010
Market push Market regulation: 3rd energy package, adopted in August 2009 Task Force for Smart Grids, launched in November 2009 European Infrastructure Package, 17 November, 2010 Energy Efficiency Action Plan, planned for 2011 Mandates for standards
International cooperation EU-US Energy Council International Grid Action Network (ISGAN), under the Clean Energy Ministerial Conference
2011-04-06 12 [email protected]
www.enisa.europa.eu
Conclusions
Multiple challenges facing information security and resilience of Industrial Control Systems
Proper addressing the challenges requires high involvement, collaboration and information sharing of all relevant stakeholders
ENISA fosters this dialogue
ENISA’s activities in the domain are particularly intense
2011-04-06 13 [email protected]
www.enisa.europa.eu
Summer School on Network & Information Security
14
www.nis-summer-school.eu
2011-04-06 [email protected]
