Good Practices for an EU ICS Testing Coordination Capability

There is growing interest in ICS security testing in Europe. This has led to the current situation in which several initiatives have emerged. Unfortunately, they are mostly considered immature, with poor or no coordination between them and room for improvement in methodologies, standards and educational resources. Most experts consider that leveraging these efforts under a coordinated programme could help to raise the status of ICS security testing. In order to provide ICS security testing capabilities in the European Union, it is important to understand the needs of the community, and the main objectives that must be taken into consideration. An independent testing coordination capability, aligned with current standards, supported by public institutions and able to provide value to all involved stakeholders is required, but some other topics, such as the importance of making testing mandatory, are still under discussion.