ENISA’s recommendations for Certifying ICS/SCADA professionals

The convergence between Operations Technology (OT) for industrial processes and Information Technology (IT) raises the need for the security of ICS/SCADA systems but also for qualified professionals. Currently there is limited awareness of the available certification schemes in the sector which results in few qualified professionals.

The complexity of ICS/SCADA systems lays mainly with its multi-disciplinary character (cyber security, operations and information technology) and the broad range of sectors using industrial systems (such as automation, energy, chemical, pharmaceutics, energy etc.). As such, ICS/SCADA systems display differences in their processes, operational procedures, and consequences.

A main challenge of current certification schemes is managing the convergence of cyber security and operations technology. Another is the complexity of different and multi-levelled professional profiles and roles from a functional point. Furthermore, it is necessary to raise the relevance, credibility and strength of future certifications for ICS/SCADA cyber security, by obtaining the support of professional associations.

The report proposes a series of recommendations to harmonize the certification of skills for ICS/SCADA professionals in Europe. These recommendations are relevant for both public and private sector across the EU.

  • an independent steering committee should assess current global or national certification schemes and define a European Cyber Security certification scheme for ICS/SCADA professionals. This is important to achieve the degree of measured knowledge applicable to industrial operations.
  • certifications should be multi-level to reach a wide range of professionals from different fields of practice, including operational and managerial topics, and practical aspects.
  • a certification scheme should be established with management content. This would add value, ensuring that managers are qualified to make the right decisions in crisis situations.
  • a simulation environment should be developed both for training purposes and for testing practical skills.

ENISA’s Executive Director Udo Helmbrecht said: “ICS/SCADA cyber security is at the core of many industrial processes and a growing field which will present commercial and industrial opportunities. Specialised schemes certifying the skills of cyber security experts working on ICS/SCADA would be advantageous to industry sectors and sub-sectors, and important in ensuring the level of cyber security across Europe”.

For full report: Certification of Cyber Security skills of ICS/SCADA professionals

www.enisa.europa.eu

 

Neueste Artikel

Ein neuer Digitaler Ausweis-Service ermöglicht die vollautomatisierte Identifikation und Legitimierung von Sparkassen-Kunden innerhalb kürzester Zeit. Entwickelt wurde der Service von der S-Markt & Mehrwert. Die Pilotierung und Einführung wird…

Der Vorsitzende des IT-Planungsrates und der Hauptgeschäftsführer des Bankenverbandes sowie die Geschäftsführer von Bank-Verlag und Governikus vereinbaren intensiven Informationsaustausch der beiden Branchen.

Nach der Hauptversammlung vom 29. April 2019 berief der Aufsichtsrat auf seiner Sitzung am 9. Mai Massimo Sarmi zum Vizepräsidenten des Aufsichtsrats. Zugleich wurde Nicola Cordone als Vorstandsvorsitzender (CEO) des…