Global Sources
EE Times-India
Stay in touch with EE Times India
EE Times-India > Networks

ENISA unveils good control good-practice guide for CERTs

Posted: 26 Dec 2013     Print Version  Bookmark and Share

Keywords:ENISA  CERT  industrial control system  computer emergency response  ICS 

The European Union Agency for Network and Information Security (ENISA) has published a 'Good practice guide for CERTs in the area of Industrial Control Systems' for those needing to provide ICS computer emergency response capabilities (ICS-CERC). The release aims to boost security in the industrial segment.

ENISA concentrates on achieving a high level of network and information security within the European Union. The goal is to attempt to prevent security problems using its body of expertise covering technical and scientific aspects of security, and working as a European Agency. It also works in the area of developing security-based legislation.

ENISA provided a baseline guide in the past that used four categories of capabilities that include mandate, service portfolio, operations relative to ICS-CERC and cooperation with other ICS stakeholders.

The updated guide maintains the same categories, but expands the information. From initial focus, through training, further education, hosting and ongoing cooperation, the guide explains, recommends and, wherever possible, gives concrete examples. It also stresses those factors that are different in industrial security systems when compared with typical IT needs.

The guide not only discusses what should be put into place, but also briefly delves into maintenance, continued development and improvement of the plan, once in place.

The expectation is that ENISA will continue to update the guide, and that it will remain a dynamic effort.

Earlier in 2013, ENISA summarized 120 reports dating from 2011 and 2012 in the "ENISA Threat Landscape Report" to provide an independent overview of observed threats and emerging threats. It identified a top 10 list in emerging technology areas including mobile computing, social media/technology, critical infrastructure, trust infrastructures, cloud, and big data. The top 10 threats include drive-by exploits (malicious code injects to exploit web browser vulnerabilities), worms/trojans, code injection attacks, exploit kits (ready-to-use software package to automate cybercrime), botnets (hijacked computers that are remotely controlled), (distributed) denial-of-service attacks (DDoS/DoS), phishing (fraud mails and websites), compromising confidential information (data breaches), rogueware/scareware and spam.

- Carolyn Mathas
  EE Times

Comment on "ENISA unveils good control good-prac..."
*  You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.


Go to top             Connect on Facebook      Follow us on Twitter      Follow us on Orkut

Back to Top