Certification of cyber security skills of ICS/SCADA professionals : good practices and recommendations for developing harmonised certification schemes

The industrial world is constantly evolving, including new technologies adapting to market requirements. One of the most transcendental adaptations the industrial world is currently experiencing is the convergence between Operations Technology (OT), the operations needed to carry out the industrial processes, and Information Technology (IT), the use of computers to manage data needed by the organisation's enterprise processes. This convergence has many advantages (optimisation of operations, better use of resources, cost savings, etc.), but it also raises additional issues, such as the need for cyber security of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. This convergence, which affects hundreds of thousands of systems worldwide, implies that professionals with knowledge of cyber security for ICS/SCADA will be needed. However, currently, there are very few professionals with the proven skills available to do this work. This document explores how current initiatives on certification of professional skills are related to the topic of ICS/SCADA cyber security. It also identifies the challenges and proposes a series of recommendations towards the development of certification schemes for ICS/SCADA cyber security professionals.