ENISA’s recommendations for Certifying ICS/SCADA professionals

The convergence between Operations Technology (OT) for industrial processes and Information Technology (IT) raises the need for the security of ICS/SCADA systems but also for qualified professionals. Currently there is limited awareness of the available certification schemes in the sector which results in few qualified professionals.

The complexity of ICS/SCADA systems lays mainly with its multi-disciplinary character (cyber security, operations and information technology) and the broad range of sectors using industrial systems (such as automation, energy, chemical, pharmaceutics, energy etc.). As such, ICS/SCADA systems display differences in their processes, operational procedures, and consequences.

A main challenge of current certification schemes is managing the convergence of cyber security and operations technology. Another is the complexity of different and multi-levelled professional profiles and roles from a functional point. Furthermore, it is necessary to raise the relevance, credibility and strength of future certifications for ICS/SCADA cyber security, by obtaining the support of professional associations.

The report proposes a series of recommendations to harmonize the certification of skills for ICS/SCADA professionals in Europe. These recommendations are relevant for both public and private sector across the EU.

  • an independent steering committee should assess current global or national certification schemes and define a European Cyber Security certification scheme for ICS/SCADA professionals. This is important to achieve the degree of measured knowledge applicable to industrial operations.
  • certifications should be multi-level to reach a wide range of professionals from different fields of practice, including operational and managerial topics, and practical aspects.
  • a certification scheme should be established with management content. This would add value, ensuring that managers are qualified to make the right decisions in crisis situations.
  • a simulation environment should be developed both for training purposes and for testing practical skills.

ENISA’s Executive Director Udo Helmbrecht said: “ICS/SCADA cyber security is at the core of many industrial processes and a growing field which will present commercial and industrial opportunities. Specialised schemes certifying the skills of cyber security experts working on ICS/SCADA would be advantageous to industry sectors and sub-sectors, and important in ensuring the level of cyber security across Europe”.

For full report: Certification of Cyber Security skills of ICS/SCADA professionals



Neueste Artikel

Städte und Gemeinden sehen auch nach den Ergebnissen der Neuauflage des Zukunftsradar Digitale Kommune im Jahr 2019 einen hohen Nutzen durch die Digitalisierung. Gleichzeitig werden auch in diesem…

Die Startups in Deutschland werden skeptischer. Aktuell sagen nur noch 39 Prozent der Gründer, dass sich in den vergangenen zwei Jahren die Lage für ihr eigenes Startup verbessert hat….

Seit Mai 2019 stellt das BSI ein zweistufiges Schulungskonzept zum Erwerb eines neuen Nachweises zum IT-Grundschutz-Praktiker und IT-Grundschutz-Berater zur Verfügung. Auf der BSI-Webseite steht nun der Antrag zur Zertifizierung…