Bristol experts contribute to EU white paper on cyber security attacks

Press release issued: 22 October 2013

Researchers from the University of Bristol’s Cryptography Group and the Safety Systems Research Centre have contributed to an EU paper on the resilience of critical information infrastructures.

The white paper, entitled Can we learn from SCADA (supervisory control and data acquisition) security incidents? was issued by the EU’s cyber security agency, ENISA, earlier this month.

Industrial Control Systems (ICS) look more and more like consumer PCs, are used everywhere and involve a considerable amount of software, often outdated and unpatched. Recent security incidents in the context of SCADA and ICS emphasise the importance of good governance and control of SCADA infrastructures. In particular the ability to respond to critical incidents and be able to analyse and learn from what happened is crucial.

The aim of the white paper is to raise awareness about how organisations could respond to the increasing numbers of recent security incidents against ICS and SCADA and provides recommendations regarding prevention and readiness for a swift and integrated response to cyber security attacks against ICS and SCADA.

Dr Theo Tryfonas, a member of the Cryptography Group who contributed to the paper, said: “This white paper marks a first European step towards developing a common approach for the integrated response to cyber attacks against critical information infrastructures across the Union.

“Organisations at the heart of the critical functions of our nations need to maintain incident monitoring capabilities, as well as the ability to secure and collect related evidence in order to learn from what happened.

“This is even more important, as the proliferation of emerging information and communication technologies transform the traditionally isolated and proprietary industrial systems in transport, utilities and many other critical sectors.”

Dr John May, Director of the Safety Systems Research Centre, added: “In a highly inter-connected world, these control systems have a special role. We depend on them in areas crucial to everyday life, such as transport and energy, and our safety is often in their hands. Because of this, and as we develop these systems to do more for us, it is vital to gain a fundamental understanding of the complex new ways in which they can go wrong or be manipulated maliciously to do harm.”

White paper: Can we learn from SCADA security incidents?, Adrian Pauna, ENISA; Konstantinos Moulinos, ENISA; Matina Lakka, ENISA; Dr John May, Faculty of Engineering, University of Bristol; Dr Theo Tryfonas, Faculty of Engineering, University of Bristol, European Union Agency for Network and Information Security (ENISA), published 9 October 2013.