|
The goal of the DHS National Cyber Security Division's CSSP is to reduce control system risks within and across all critical infrastructure sectors by coordinating efforts among federal, state, local, and tribal governments, as well as control systems owners, operators and vendors. The CSSP coordinates activities to reduce the likelihood of success and severity of impact of a cyber attack against critical infrastructure control systems through risk-mitigation activities. These risk-mitigation activities have resulted in the following tools:
To obtain additional information or request involvement or assistance, contact cssp@hq.dhs.gov. 2008 PCSF Annual Meeting The Process Control Systems Forum (PCSF) 2008 Annual Meeting will be held August 26 - 28 in San Diego, CA. Pre-meeting training, agenda, other meeting information, and registration are available at https://www.pcsforum.org/events/2008/. The PCSF 2008 Annual Meeting will include four tracks: Critical Infrastructure and Control Systems Security Curriculum The Critical Infrastructure and Control Systems Security Curriculum is designed as a tool to be employed by an instructor for use in creating a masters-level professional course on Critical Infrastructure and Control Systems Security. The objective of any course constructed with this tool will be to convey fundamental organizational and economic principles required to (1) effectively manage high-impact risk to infrastructure services, and (2) design and implement public policies and business strategies that mitigate such risks. Even though many of the case examples are drawn from control systems, the principles will apply to other critical infrastructure situations Control Systems Cyber Security Self-Assessment Tool (CS2SAT) available from two distributors The ISA Automation Standards Compliance Institute (ASCI) and Lofty Perch, Inc. are licensed distributors of the Control Systems Cyber Security Self-Assessment Tool (CS2SAT). This application, created by the Control Systems Security Program for the Department of Homeland Security National Cyber Security Division, was developed to assist SCADA and Process Control System users improve the cyber security posture of their control systems. Online training - OPSEC for Control Systems Wins AwardThe web based training OPSEC for Control Systems received the 1st Place Award for Electronic Multimedia at the Annual National OPSEC Conference, on April 8 in Denver, Colorado. This innovative, web-based course introduces control systems employees to the basic concepts of operations security (OPSEC) and applies these concepts to the control system environment. Course lessons let you check your understanding of the concepts with interactive exercises in which you explore different environments to discover problems. You even have the opportunity to play the "bad guy" and try to disrupt a competitor's manufacturing process. |
What's NewNERC Issues Reliability Advisories on February 26, 2008 Florida Outage NIST released Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems. This publication provides comprehensive assessment procedures for the security controls in NIST Special Publication 800-53 (as amended) and important guidance for federal agencies in building effective security assessment plans. The United States Government Accountability Office (GAO) was asked to determine whether the Tennessee Valley Authority (TVA), a federal corporation and the nation's largest public power company, has implemented appropriate information security practices to protect its control systems. The GAO examined the security practices in place at several TVA facilities; analyzed the agency's information security policies, plans, and procedures against federal law and guidance; and interviewed agency officials who are responsible for overseeing TVA's control systems and their security. (What GAO found) The Water Sector Coordinating Council Cyber Security Working Group has released a Roadmap to Secure Control Systems in the Water Sector. The roadmap focuses on what its contributors believe to be a sound framework that addresses the most significant industrial control system challenges within the next 10 years.
HighlightsFree training provided prior to the Annual PCSF Meeting. Seating will be limited for the free training courses available to registered attendees of the PCSF Annual Meeting. The following courses will be provided Monday, August 25, 2008:
ReportingThe CSSP is interested in learning of suspicious cyber incidents which occur within or may have an impact on the control systems environment. Use the buttons to the left to report cyber-related incidents and vulnerabilities to the Control Systems Security Center at US-CERT.
|
Get Adobe Reader