ENISA warns of further targeted attacks on critical infrastructure

The European Agency for Internet Security (European Network and Information Security Agency, ENISA) claims to have discovered the Stuxnet attacks a paradigm shift in terms of targeted attacks against key market resources. It warns against similar attacks in the near future, in which the development of malware would similarly involve the investment of time and money as Stuxnet. According to ENISA Europe must rethink its arrangements for the protection of critical infrastructure.

scada critical-infrastructure

One measure would be the Agency’s opinion, to formulate guidelines for decision-makers to get the potential impact in the handle. For this purpose, ENISA is planning among other things, in November a kind of test alarm, in which transnational emergency Critical Infrastructure should be practiced. In “Cyber Europe 2010” wants to train only the exchange of information between the responsible bodies too but initially.

As part of its work, ENISA has published a Stuxnet-analysis, although Although detailed information and recommendations for action promises, but ultimately consists of only two short paragraphs and otherwise refers to the pages of Symantec and Siemens. When asked by Heise Security, why ENISA published a press release and a brief analysis of only three months after becoming aware of the harmful potential of Stuxnet, spokesman Ulf Bergstrom replied evasively. In 2004, launched by the EU Agency understand yourself as an expert center that collects safety-related data and analyzes and promotes cooperation with various actors in the field of network security. It was not an executive body, for implementing the various steps that the Member States are responsible.

2011 ENISA intends to develop a “best practices” guide that shows how to secure SCADA systems and how to analyze the dependencies of information and communication technologies in critical areas.