ENISA – Communication network dependencies for ICS/SCADA systems
What’s in the Standard
The objective of this document is to provide insight into the communication network interdependencies currently present in industrial infrastructures, mapping critical assets, assessing possible attacks, identifying good practices and security measures, and defines guidelines for the establishment of appropriate cybersecurity insurance requirements.
The ISA95 standard was selected as a main reference for guidance – focusing on the interconnection between assets and systems and sorting them into classifications/levels.
Unidirectional technology is mentioned multiple times in the context of technology that provides security for insecure protocols, and as a recommended practice in SCADA security to reinforce security systems.
Although unidirectional technology is recommended for SCADA systems, which is a progress for ENISA, overall this guideline disappoints on the level of counter measures for malware infection attacks and SCADA system compromises. The authors could have taken the opportunity to recommend robust security through unidirectional technology but instead they mention just about every defense IT solution within Defense-in-Depth.