« Cyber Weapon (made in Japan) ? | Main | 総務省 マイナンバー付番システム等の構築に係る情報提供依頼(RFI)について »

2012.01.07

EU 産業用制御システムのセキュリティについての7つの提言

 こんにちは、丸山満彦です。ENISA(Europian Network and Information Security Agency)が産業用システムのセキュリティについての提言(推奨)を出していましたね(2011年12月)。。。

7つの提言(推奨)
=====
1: Creation of Pan-European and National ICS Security Strategies
2: Creation of a Good Practices Guide for ICS Security
3: Creation of ICS security plan templates
4: Foster Awareness and Training
5: Creation of a common test bed, or alternatively, an ICS security certification framework
6: Creation of national ICS-computer emergency response capabilities
7: Foster research in ICS security leveraging existing Research Programmes
=====

 
■ENISA
・2011.12.09 Protecting Industrial Control Systems. Recommendations for Europe and Member States - the report

・・Protecting Industrial Control Systems.
 ・・Recommendations for Europe and Member States (main report)

  ・・・PDF
 ・・Annex I: Desktop Research Results
  ・・・PDF
 ・・Annex II. Survey and Interview Analysis
   ・・・PDF
 ・・Annex III. ICS Security Related Standards, Guidelines and Policy Documents
   ・・・PDF
 ・・Annex IV. ICS Security Related Initiatives
   ・・・PDF
 ・・Annex V. Key Findings
   ・・・PDF
 ・・Annex VI. Minutes of the Workshop
   ・・・PDF


=====
1 Executive summary
2 Introduction

 2.1 The evolution of Industrial Control Systems
 2.2 Cyber security aspects of ICS
 2.3 The need for a study on ICS security
3 Purpose and scope of the study
 3.1 The aim of the study
 3.2 The scope of the study
4 Targeted audience
5 Approach .
6 Key Findings

 6.1 The biggest challenges in ICS security .
 6.2 Standards, guidelines and regulations
 6.3 Acceptance and use of standards, guidelines and regulations .
 6.4 The need for an Operators / Infrastructure level Security Plan
 6.5 Attitude towards information sharing and other collaborative Initiatives .
 6.6 Public Private Partnerships
 6.7 Common test bed
 6.8 Dissemination and Awareness Initiatives
 6.9 The usefulness of an ICS-computer emergency response capabilities or equivalent alternatives
 6.10 Current situation of Technologic Threats and Solutions
 6.11 Legacy Related Risks
 6.12 ICT and ICS convergence problems
 6.13 Other Technology Issues
 6.14 Present and Future Research
 6.15 Pending debates on ICS security and other related issues
7 Recommendations  7.1 Recommendation 1: Creation of Pan-European and National ICS Security Strategies
 7.2 Recommendation 2: Creation of a Good Practices Guide for ICS Security
 7.3 Recommendation 3: Creation of ICS security plan templates
 7.4 Recommendation 4: Foster Awareness and Training
 7.5 Recommendation 5: Creation of a common test bed, or alternatively, an ICS security certification framework
 7.6 Recommendation 6: Creation of national ICS-computer emergency response capabilities
 7.7 Recommendation 7: Foster research in ICS security leveraging existing Research Programmes
8 Conclusions .
9 References
10 Abbreviations

Annexes
 • Annex I: Desktop Research Results
 • Annex II. Survey and Interview Analysis
 • Annex III. ICS Security Related Standards, Guidelines and Policy Documents
 • Annex IV. ICS Security Related Initiatives
 • Annex V. Key Findings
 • Annex VI. Minutes of the Workshop
=====

■関連記事
●FierceGovernmentIT
・2012.01.03 E.U. body outlines broad security goals for industrial control systems

=====
ENISA recommends:
・Creation of pan-European and national ICS security strategies;
・Creation of a best practices guide for ICS security;
・Creation of ICS security plan templates for operators and infrastructures, which security experts could adapt to their particular situation;
・Member states make a management commitment to ICS security by fostering awareness and training;
・Creation of a common test bed, or alternatively, an ICS security certification framework;
・Creation of national ICS-computer emergency response capabilities; and
・Promotion of research in ICS security leveraging existing research programs.
=====

|

« Cyber Weapon (made in Japan) ? | Main | 総務省 マイナンバー付番システム等の構築に係る情報提供依頼(RFI)について »

Comments

Post a comment



(Not displayed with comment.)




TrackBack

TrackBack URL for this entry:
http://app.cocolog-nifty.com/t/trackback/64462/53679476

Listed below are links to weblogs that reference EU 産業用制御システムのセキュリティについての7つの提言:

« Cyber Weapon (made in Japan) ? | Main | 総務省 マイナンバー付番システム等の構築に係る情報提供依頼(RFI)について »