NCS3 – Swedish Regulations within the area of Industrial Control Systems

Authors:

  • Karin Mossberg Sonnek
  • Fredrik Lindgren

Publish date: 2016-02-01

Report number: FOI-R--4197--SE

Pages: 57

Written in: Swedish

Keywords:

  • Regulations
  • industrial control system
  • SCADA
  • electricity production
  • electricity distribution
  • production of drinking water
  • water distribution
  • long distance heating
  • remote cooling
  • chemical processing industry
  • railbound traffic
  • electronic communications

Abstract

During 2012, FOI carried out a study on behalf of MSB (the Swedish Civil Contingencies Agency) with the aim to investigate how different regulations influence the security work with regard to industrial control systems. The study had focus on six sectors; electricity, drinking water, long distance heating and cooling, chemical processing industry railbound traffic and electronic communications. In 2015, MSB initiated a new study to follow up changes since the last study. The result from both studies are presented in this report. Several authorities has established new regulations since 2012 that influence the security work in the sectors. More changes are supposed to be implemented as a result of the revision of the security protection law and the revision of MSB's and the Swedish Radiation Safety Authority's regulations. Laws and regulations can all be used to support the security work on a general level. However, the studies have shown that these seldom explicitly mention security in industrial control system. Taken together, the two studies show that the awareness of security issues in industrial control systems has increased since 2012, but that the variation between sectors is large. The electricity sector and drinking water sector have made most progress. The primary actors in these sectors are the authority Svenska kraftnät and the trade organisation Svensk Energi together with the trade organisation Swedish Water & Wastewater Association.