The convergence between Operations Technology (OT) for industrial processes and Information Technology (IT) raises the need for the security of ICS/SCADA systems but also for qualified professionals. Currently there is limited awareness of the available certification schemes in the sector which results in few qualified professionals.
The complexity of ICS/SCADA systems lays mainly with its multi-disciplinary character (cyber security, operations and information technology) and the broad range of sectors using industrial systems (such as automation, energy, chemical, pharmaceutics, energy etc.). As such, ICS/SCADA systems display differences in their processes, operational procedures, and consequences.
A main challenge of current certification schemes is managing the convergence of cyber security and operations technology. Another is the complexity of different and multi-levelled professional profiles and roles from a functional point. Furthermore, it is necessary to raise the relevance, credibility and strength of future certifications for ICS/SCADA cyber security, by obtaining the support of professional associations.
The report proposes a series of recommendations to harmonize the certification of skills for ICS/SCADA professionals in Europe. These recommendations are relevant for both public and private sector across the EU.
- an independent steering committee should assess current global or national certification schemes and define a European Cyber Security certification scheme for ICS/SCADA professionals. This is important to achieve the degree of measured knowledge applicable to industrial operations.
- certifications should be multi-level to reach a wide range of professionals from different fields of practice, including operational and managerial topics, and practical aspects.
- a certification scheme should be established with management content. This would add value, ensuring that managers are qualified to make the right decisions in crisis situations.
- a simulation environment should be developed both for training purposes and for testing practical skills.
ENISA’s Executive Director Udo Helmbrecht said: “ICS/SCADA cyber security is at the core of many industrial processes and a growing field which will present commercial and industrial opportunities. Specialised schemes certifying the skills of cyber security experts working on ICS/SCADA would be advantageous to industry sectors and sub-sectors, and important in ensuring the level of cyber security across Europe”.
For full report: Certification of Cyber Security skills of ICS/SCADA professionals