IACS Cybersecurity Certification Framework

European-IACS


Challenge

Industrial Automation and Control Systems (IACS) are increasingly a target for cyber-attacks aimed at disturbing Member States’ economies, disabling our critical infrastructures or taking advantage of our people. Such hostile acts take place in a context of geo-strategic tensions, on behalf of organized crime, or in support of activist causes.

Within ERNCIP, the Thematic Group on “Case Studies for the Cyber-Security of IACS” has already considered the issue and proposed a roadmap for the establishment of a European IACS Components Cyber-security Compliance and Certification Scheme.

This proposal has become the core topic for the Thematic Group in 2016. More specifically, the activities of the Thematic Group will build on the ERNCIP deliverable ‘European IACS Components Cyber-Security Compliance and Certification Scheme’ produced in 2014 (available from the download area).

Focus of work

 

  • To extract from designated existing standards their common good practices and requirements, and to organize them into a common classification covering an agreed set of domains of Compliance and Certification;
  • To define Generic IACS Cyber-security Profiles including classes of IACS products and target levels of cyber-security, operating and security environments;
  • To define a common process for each of the levels of the proposed European IACS components Cyber-security Compliance & Certification Scheme;
  • To develop a prototype of a database of Certification and Compliance evaluated IACS products.

The work programme - Main deliverables

The draft work programme includes:

  • Updated version of the Proposal for a European IACS Components Cyber-security Compliance and Certification Scheme as amended and improved after consultations with key stakeholders;
  • Report on Common Cyber-Security Requirements to be used for the development of the European IACS components Cyber-security Compliance & Certification Scheme;
  • Generic IACS Cyber-Security Profiles for the establishment of the European IACS components Cyber-security Compliance & Certification Scheme;
  • Report on the Compliance & Certification Process supporting the European IACS components Cyber-security Compliance & Certification Scheme.

Deliverables List


JRC111611_The IACS Cybersecurity Certification Framework

Wednesday, July 11, 2018

Abstract

The principal goal of this report is to present the experiments of the industrial automation and control systems (IACS) component Cybersecurity Certification Framework (ICCF) performed in 2017 by the national exercise teams (NETs) of several Member States, namely France, Poland and Spain. Based on real-life cases of use and simulations of ICCF activities, this report documents the current practices of these countries and NET members’ views in relation to IACS products’ cybersecurity certification. These studies have led to a series of findings that will be useful for the future of the ICCF in the context of the European Cybersecurity Certification Framework. In conclusion, a plan of action is proposed for the 2018-2019 period.