ICS use cases modeling

The CCI has the honor of taking part in the European Commission Joint Research Centre (JRC) thematic group on Case studies for the Cyber Security of Industrial Automation & Control Systems. The objective of this thematic group is to answer two important questions for the European Critical Infrastructures Cybersecurity:

1. Is there a need for European Critical Infrastructure operators to have the cyber security properties of IACS components or subsystems tested / evaluated & certified?
2. If yes, what are the conditions of feasibility for making this happen? (who should do it and pay for it, how and where should be done, based on which standards, what are the benefits,…)

The kick-off meeting was held last march on the JRC facilities in Ispra (Italy), and allow to have a first contact with use cases  modeling through the presentation of two examples of “Airport database” and “SCADA for electric transport”. The modeling of use cases helps to determine which would be the impact of a possible incident, what the attack sources and techniques, and what are the possibilities to fight the incident or mitigate its impact.

Through the analysis of use cases the thematic group seeks to answer the questions raised before. In this task, a number of professionals with wide experience is involved, but we need help. We need more end users to be involved. We need the knowledge of Critical Infrastructures operators in order to model realistic use cases and explore all its implications.

If you work in an organization that uses Industrial Automation and Control Systems and you want to share your knowledge by taking part in the Thematic Group, just let us know through info@cci-es.org. This is a chance to be part of an initiative that will set important aspects of the Industrial Cybersecurity Market in Europe during the following years.