Home / Blog / ICS identification

ICS identification

Posted on 06/25/2015, by INCIBE
ICS identification

When it comes to considering protection measures for a company, information is an essential element. This knowledge is even more important when we refer to companies belonging to the strategic sectors given that the impact of any incident involving said companies could mean the loss of human lives aside from any material losses.

Therefore, identifying a country’s critical assets and strategic operators is considered vital to national security. For this reason, ENISA is developing a series of methodologies regarding this issue with the intention of helping Member States to identify their strategic assets.

ENISA then analysed the sectors which had been identified as critical by their Member States in order to propose a complete list of sectors, subsectors and critical services. This list was created so that Member States could easily identify their strategic companies in an organised way. The image below illustrates the list published by ENISA:

critical assets

Once the critical sectors have been defined, identifying assets and services can take on two approaches based on who assumes the role for the identification of the services:

  • State-driven Identification: the government agencies have the mandate to identify and protect Critical Infrastructure – in most cases the responsible ministries. After first deciding on the critical sectors, the state then applies a method to systematically identify critical services. Next, they identify the operators involved in these services that can collaborate in the control and identification of the assets they are supported by.
  • Operator-driven Identification: the identification is led by the Critical Infrastructure operators. In this case, the state identifies a list of operators (also called ‚vital operators’), who are responsible for identifying the individual critical services and assets that comply with a number of risk analyses and risk management directives. Then, the responsible state agency reviews the selected services and assets along with the protection plans.

This methodology proposed by ENISA is outlined in the document “Methodologies for the identification of Critical Information Infrastructure assets and services” and can be downloaded from this web page.

Whichever approach is chosen by the Member States in order to identify their critical services, it is crucial that operators collaborate given that they may not have the appropriate personnel to carry out the audit necessary for the identification of the assets which support their services.

In order to provide strategic operators with an inventory of appropriate suppliers, the ICC has published the Catalog of Suppliers of Industrial Cybersecurity Services and Solutions 2015, which contains an exhaustive catalogue of suppliers who are specialists in industrial cybersecurity. This way, strategic operators will be able to depend on these suppliers when it comes to identifying assets and performing risk analyses, as well as any other task requiring specialised support.

The catalogue is divided into two sections: one section is dedicated to Services and the other is dedicated to Solutions. In the Services section you can find suppliers of services such as Computer Emergency Response Team of Cybersecurity (CERT), security operation centers (SOC), Audit, Training… The Solutions section focuses more on Access Control, Monitoring, Protection…