ICS Security: The European Perspective

ICS security is concerned with securing and safeguarding industrial control systems, keeping processes and machinery running smoothly, and ensuring that the information and data shown on the control room dashboards and screens are accurate. Like every system that is networked to the Internet, ICS must be properly secured.

The problem is that ICS security is often overlooked because it is tied to mission-critical systems and infrastructure. As such, disruptions are often avoided, which includes taking these systems down for security updates. This gives rise to the problem of having an ICS that is out-of-date, unpatched, and vulnerable to attacks, which in turn raises a growing number and a wider variety of threats and vulnerabilities for ICS security.

Existing capabilities have proven insufficient to ensure a high level of ICS security. Different states have very different levels of preparedness, which has led to fragmented approaches against ever-increasing threats. Additionally, the lack of common security requirements makes it impossible to set up a global and effective mechanism for transnational and international cooperation.

The criticality and importance of these infrastructures to the stability and economy of states make them centers of gravity, as Clausewitz defined in his book On War. You can only imagine the impact of a disrupted electrical grid in major cities or the health issues that could arise from a contaminated water grid in Paris or Los Angeles. One word can describe it in full: chaos. It is therefore imperative that ICS security is not only an inter-organizational issue but rather a state and international priority.

A European Perspective on ICS Security

As such, many states and international organizations have developed national strategies and policies, like the United States’ NIST 800-82 and OECD’s Digital Security Risk Management for Economic and Social Prosperity.

On 10 May 2018, the enacted the Network (Read more...)