IACS Cybersecurity Certification Framework

European-IACS


Challenge

Industrial Automation and Control Systems (IACS) are increasingly a target for cyber-attacks aimed at disturbing Member States’ economies, at disabling our critical infrastructures or at taking advantage of our people. Such hostile acts take place in a context of geo-strategic tensions, in the service of organized crime, or in support of activist causes.

Within ERNCIP, the Thematic Group on “Case Studies for the Cyber-Security of IACS” has already considered the issue and proposed a roadmap for the establishment of a European IACS Components Cyber-security Compliance and Certification Scheme.

This proposal has become the core topic for the Thematic Group in 2016. More specifically, the activities of the Thematic Group will build on the ERNCIP deliverable ‘European IACS Components Cyber-Security Compliance and Certification Scheme’ produced in 2014 (available from the download area).

Focus of work

  • To extract from designated existing standards their common good practices and requirements, and to organize them into a common classification covering an agreed set of domains of Compliance and Certification;
  • To define Generic IACS Cyber-security Profiles including classes of IACS products and target levels of cyber-security, operating and security environments;
  • To define a common process for each of the levels of the proposed European IACS components Cyber-security Compliance & Certification Scheme;
  • To develop a prototype of a database of Certification and Compliance evaluated IACS products.

The work programme - Main deliverables

The draft work programme includes:

  • Updated version of the Proposal for a European IACS Components Cyber-security Compliance and Certification Scheme as amended and improved after consultations with key stakeholders;
  • Report on Common Cyber-Security Requirements to be used for the development of the European IACS components Cyber-security Compliance & Certification Scheme;
  • Generic IACS Cyber-Security Profiles for the establishment of the European IACS components Cyber-security Compliance & Certification Scheme;
  • Report on the Compliance & Certification Process supporting the European IACS components Cyber-security Compliance & Certification Scheme.

Deliverables List