Fostering cyber security
Computer networks reside at the heart of critical infrastructure on which people rely, such as the power grid, the oil and gas industries, and water supply networks. Today, these systems are far too vulnerable to cyber attacks, which can inhibit their operation. The goal of the EU-funded 'European network for the security of control and real-time systems' (ESCORTS) project was to promote awareness of security risks and develop the best practice possible in a joint endeavour between manufacturers and consumers. A survey of the stakeholder needs organised by the project team identified a lack of explicit European demand for comprehensive security solutions. This stems from the potential cost of security measures, which might weigh considerably on the overall cost of control equipment. However, the consequences of a cyber attack could be so detrimental that some vendors (at least the larger ones) already perform security tests of their equipment as part of the quality assurance process. Researchers provided a roadmap to identify potential deficiencies with respect to security organisations, personnel training and general awareness of cyber attacks. They have emphasised that testing real-live security systems could be possible, but that it has to be performed with extreme caution in order to avoid a system breakdown. The team concluded that there is a significant market for security consulting, testing and personnel training in each industrial sector – particularly in the energy, chemical and pharmaceutical industries. They also noted that the main issue was not the lack of standards and guidelines, but rather the need to increase awareness of potential cyber attacks.