Industrial Automation Control Systems Cybersecurity Certification – Chapter II (L22a)
At ICCC 2019, we presented the work that had been carried out since 2014 by the ERNCIP (European Reference Network for Critical Infrastructure Protection) IACS Thematic Group towards the creation of an EU cybersecurity certification scheme for Industrial Automation and Control Systems (IACS) components (https://erncip-project.jrc.ec.europa.eu/networks/tgs/european-iacs). The ERNCIP IACS Thematic Group, as well as the overall ENRCIP project, is established and driven by the European Commission DG JRC (Joint Research Centre).
Thereafter, in 2020, the ERNCIP IACS Thematic Group has progressed to the actual development of the specific recommendations for the implementation of the “IACS Components Cybersecurity Certification Scheme” (ICCS) under the European Cybersecurity Act umbrella.
As a result, the presentation at this year’s ICCC will describe the key points of the aforementioned recommendations for the EU ICCS: agnosticism of the evaluation methodology, three assurance levels, self-assessment, assessment activities, etc. Moreover, a comparison will be provided with other existing certification schemes related to industrial components such as UL2900, IEC 62443-4-2, Common Criteria, Lightweight, etc. Finally, an overview of the current roadmap for the eventual realisation of the ICCS in the EU will be given.