SCADA Roadmap Europe

Folie 1

AK IT Security II 2015/16

Stefan More

Definition

Motivation

State of CIIP in Europe

EU SCADA Roadmap

SCADASupervisory Control

and

Data Acquisition

type of Industrial Control System (ICS)

https://commons.wikimedia.org/wiki/File:SCADA_schematic_overview-s.svg

http://www.abb-conversations.com/2015/07/monitor-collect-decide-scada-in-renewable-generation/

http://tdworld.com/asset-management-service/nyiso-opens-new-power-control-center

http://www.scadasoftware.net/scadasoftware/scada-pictures/

http://www.automationx.com/de/312/SCADA

Where?

Industrial Control System(Smart) Power Grid + Generation

Gas / Oil / Water

Transportation

Chemical Plants

Donut Factory

...

http://www.automation.com/library/case-studies/automating-a-donut-packaging-and-labeling-line

SCADA Protection: Motivation

Used by Critical Infrastructure

Safety vs. Security

Old systems, suddenly interconnected

Security by Obscurity?

Connected to other ICT

Real attackers: Stuxnet, Daesh, ...

Let's protect Critical Infrastructure European Commission

https://commons.wikimedia.org/wiki/File:Berlaymont-Building-1.Jpg

Let's protect Critical Infrastructure! Critical Information Infrastructure

Consultation (Green Paper, ...)

http://eur-lex.europa.eu/procedure/EN/198140

COM(2009) 149 on CIIP

preparedness and prevention

detection and response

mitigation and recovery

international cooperation

and criteria for EC infrastructures in the field of ICT



Industrial Control Systems


Industrial Control Systems

https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/scada-industrial-control-systems

ENISA 2011 Report on ICS

Expert poll

Document-based research

Input from CPNI UK, NIST, IEEE, ANSI/ISA, IEC, ISO

ENISA 2011 Report on ICS

~100 key findings

7 recommendations

ENISA Report Recommendations

Pan-European and National ICS Security Strategies

Good Practices Guide for ICS Security

ICS security plan templates

Awareness and Training

common test bed / security certification framework

national ICS-computer emergency response

research leveraging existing Research Programmes

Beyond the ENISA Report

Cyber Europe

ENISA 2015 Reports: Certification of Cyber Security skills of ICS/SCADA professionals

Analysis of ICS-SCADA Cyber Security Maturity Levels in Critical Sectors

A lot of work to do:

https://www.enisa.europa.eu/media/news-items/is-europe-ready-to-protect-scada

See AK IT Security II

http://legendpower.com/product-info/terms-and-faq/smart-grid/

Thanks for your attention!

References

ENISA Documents: Protecting Industrial Control Systems. Recommendations for Europe and Member States https://www.enisa.europa.eu/media/key-documents/brochures-and-leaflets/scada-security-leaflet/

News: Is Europe ready to protect SCADA?
https://www.enisa.europa.eu/media/news-items/is-europe-ready-to-protect-scada

Wikipedia: SCADA
https://en.wikipedia.org/wiki/SCADA

Journal of Homeland Security and Emergency Management
http://www.degruyter.com/view/j/jhsem.2005.2.2/jhsem.2005.2.2.1117/jhsem.2005.2.2.1117.xml

Presentations: SCADA StrangeLove
https://media.ccc.de/search/?q=scada

Presentation: Damn Vulnerable Chemical Process
https://www.youtube.com/watch?v=TPUzNMcFb4A


Stefan More / [email protected]

SCADA Roadmap Europe


Stefan More / [email protected]

Mastertitelformat bearbeiten

12/14/15

Name und OE, Eingabe ber > Kopf- und Fuzeile

Mastertitelformat bearbeiten

Click to edit the outline text formatSecond Outline LevelThird Outline LevelFourth Outline LevelFifth Outline LevelSixth Outline LevelSeventh Outline LevelMastertextformat bearbeitenZweite EbeneDritte EbeneVierte Ebene

Fnfte Ebene

Click to edit the outline text formatSecond Outline LevelThird Outline LevelFourth Outline LevelFifth Outline LevelSixth Outline Level

Seventh Outline LevelMastertextformat bearbeiten

12/14/15

Name und OE, Eingabe ber > Kopf- und Fuzeile

SCADA Roadmap Europe

Technology

Transcript of SCADA Roadmap Europe