scada roadmap europe
TRANSCRIPT
Folie 1
AK IT Security II 2015/16
Stefan More
Definition
Motivation
State of CIIP in Europe
EU SCADA Roadmap
SCADASupervisory Control
and
Data Acquisition
type of Industrial Control System (ICS)
https://commons.wikimedia.org/wiki/File:SCADA_schematic_overview-s.svg
http://www.abb-conversations.com/2015/07/monitor-collect-decide-scada-in-renewable-generation/
http://tdworld.com/asset-management-service/nyiso-opens-new-power-control-center
http://www.scadasoftware.net/scadasoftware/scada-pictures/
http://www.automationx.com/de/312/SCADA
Where?
Industrial Control System(Smart) Power Grid + Generation
Gas / Oil / Water
Transportation
Chemical Plants
Donut Factory
...
http://www.automation.com/library/case-studies/automating-a-donut-packaging-and-labeling-line
SCADA Protection: Motivation
Used by Critical Infrastructure
Safety vs. Security
Old systems, suddenly interconnected
Security by Obscurity?
Connected to other ICT
Real attackers: Stuxnet, Daesh, ...
Let's protect Critical Infrastructure European Commission
https://commons.wikimedia.org/wiki/File:Berlaymont-Building-1.Jpg
Let's protect Critical Infrastructure! Critical Information Infrastructure
Consultation (Green Paper, ...)
http://eur-lex.europa.eu/procedure/EN/198140
COM(2009) 149 on CIIP
preparedness and prevention
detection and response
mitigation and recovery
international cooperation
and criteria for EC infrastructures in the field of ICT
Let's protect Critical Infrastructure! Critical Information Infrastructure
Let's protect Critical Infrastructure! Critical Information Infrastructure
Industrial Control Systems
Let's protect Critical Infrastructure! Critical Information Infrastructure
Industrial Control Systems
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/scada-industrial-control-systems
ENISA 2011 Report on ICS
Expert poll
Document-based research
Input from CPNI UK, NIST, IEEE, ANSI/ISA, IEC, ISO
ENISA 2011 Report on ICS
~100 key findings
7 recommendations
ENISA Report Recommendations
Pan-European and National ICS Security Strategies
Good Practices Guide for ICS Security
ICS security plan templates
Awareness and Training
common test bed / security certification framework
national ICS-computer emergency response
research leveraging existing Research Programmes
Beyond the ENISA Report
Cyber Europe
ENISA 2015 Reports: Certification of Cyber Security skills of ICS/SCADA professionals
Analysis of ICS-SCADA Cyber Security Maturity Levels in Critical Sectors
A lot of work to do:
https://www.enisa.europa.eu/media/news-items/is-europe-ready-to-protect-scada
See AK IT Security II
http://legendpower.com/product-info/terms-and-faq/smart-grid/
Thanks for your attention!
References
ENISA Documents: Protecting Industrial Control Systems. Recommendations for Europe and Member States https://www.enisa.europa.eu/media/key-documents/brochures-and-leaflets/scada-security-leaflet/
News: Is Europe ready to protect SCADA?
https://www.enisa.europa.eu/media/news-items/is-europe-ready-to-protect-scada
Wikipedia: SCADA
https://en.wikipedia.org/wiki/SCADA
Journal of Homeland Security and Emergency Management
http://www.degruyter.com/view/j/jhsem.2005.2.2/jhsem.2005.2.2.1117/jhsem.2005.2.2.1117.xml
Presentations: SCADA StrangeLove
https://media.ccc.de/search/?q=scada
Presentation: Damn Vulnerable Chemical Process
https://www.youtube.com/watch?v=TPUzNMcFb4A
AK IT Security II 2015/16
Stefan More / [email protected]
SCADA Roadmap Europe
AK IT Security II 2015/16
Stefan More / [email protected]
Mastertitelformat bearbeiten
12/14/15
Name und OE, Eingabe ber > Kopf- und Fuzeile
Mastertitelformat bearbeiten
Click to edit the outline text formatSecond Outline LevelThird Outline LevelFourth Outline LevelFifth Outline LevelSixth Outline LevelSeventh Outline LevelMastertextformat bearbeitenZweite EbeneDritte EbeneVierte Ebene
Fnfte Ebene
Click to edit the outline text formatSecond Outline LevelThird Outline LevelFourth Outline LevelFifth Outline LevelSixth Outline Level
Seventh Outline LevelMastertextformat bearbeiten
12/14/15
Name und OE, Eingabe ber > Kopf- und Fuzeile