Applus+ is participating in a European Commission research-and-development project aimed at bringing cybersecurity certification to critical infrastructure in the industrial automation and control systems (IACS) sector. The project, part of the European Reference Network for Critical Infrastructure Protection (ERNCIP), aims to propose an initial set of common European requirements and broad guidelines that will help to foster IACS cybersecurity certification in Europe.
Applus+: an experienced certification laboratory
As a laboratory with extensive experience in certification processes, Applus+ is participating in Spain’s National Exercise Team (NET), which is working to assess the IACS Components Certification Framework (ICCF). Since 2014, the ICCF has aimed to provide professionals within vendor, industry, laboratory and certification organisations with guidelines to help make the cybersecurity certification of IACS components smoother, easier, more cost-effective and recognised both within and beyond European borders.
Protecting critical infrastructure
IACS products manage automation and control systems in industrial contexts such as refineries, chemical plants, manufacturing operations, power plants and pipelines. Stringent cybersecurity protection is needed in order to mitigate threats from hacking, geopolitical instability or terrorism in areas of such critical infrastructure.
The ICCF project is important because the findings and decisions arising from this pilot could be extrapolated to apply to certification schemes planned for other verticals, such as IoT, automotive, etc.