The European Network and Information Security Agency (ENISA) has called for the creation of a Europe-wide strategy to protect Industrial Control Systems (ICS), fearing another Stuxnet-style attack of the type that stymied Iran's nuclear programme last year.
A new report from the agency said "Even though there are multiple available good practices, technical reports and standards, security staff feel that they lack guidance from a trustworthy and objective reference authority."
The report makes a series of recommendations designed to improve the security of ICS:
"Awareness of this problem is not only about being aware of the risks involved in using the electronic communication systems, but far more about making the users aware of how to protect themselves online and how to use their information systems and products in a secure manner," the report said.
Cooperation and knowledge sharing within the EU is necessary for ICS security to be improved, according to the report's editor, Rafal Leszczyna.
"Real security for Industrial Control Systems can be only achieved with a common effort, characterised by cooperation, knowledge exchange and mutual understanding of all involved stakeholders," he added.
Last year's Stuxnet attack brought the vulnerability of ICS into focus, as this sophisticated piece of malware was able to cause physical damage to Iran's nuclear programme.
Professor Udo Helmbrecht, executive director of ENISA, argued that this increased attention has not yet resulted in an acceptable level of security among the EU's ICS.
"Stuxnet brought the problem of security of industrial control systems to our attention. But our study clearly shows there is a lot to be done in this area by all relevant stakeholders."
Kaspersky Lab founder and CEO Eugene Kaspersky recently said he expected to see more Stuxnet style attacks.
"I'm sure Stuxnet will happen again and again," he said. "It's extremely complicated and expensive to redesign industrial systems...and we depend on them for electricity, transport, information - everything depends on industrial systems."
Fears of further potential attacks on ICS appeared to be well-founded in October this year when security researchers found evidence of a new piece of malware, apparently closely related to Stuxnet, designed to infiltrate ICS to learn more about their useage and vulnerabilities.
Does Google know too much about you?
The trend towards non-desktop-based devices is enabling more flexible working practices and behaviours
Date: 29 May 2013
THIS EVENT HAS BEEN POSTPONED DUE TO ILLNESS. Business intelligence is enjoying an upsurge of interest. In an era in which businesses and organisations...
Date: 11 Jun 2013
The enterprise mobility summit will examine how organisations can manage the increasing array of endpoints which are enabling mobile computing in business....