|
The goal of the DHS National Cyber Security Division's CSSP is to reduce industrial control system risks within and across all critical infrastructure and key resource sectors by coordinating efforts among federal, state, local, and tribal governments, as well as industrial control systems owners, operators and vendors. The CSSP coordinates activities to reduce the likelihood of success and severity of impact of a cyber attack against critical infrastructure control systems through risk-mitigation activities. These risk-mitigation activities have resulted in the following tools:
To obtain additional information or request involvement or assistance, contact cssp@hq.dhs.gov.
Now available: Developing an Industrial Control Systems Cybersecurity Incident Response Capability CSSP has released a new Recommended Practice, Developing an Industrial Control Systems Cybersecurity Incident Response Capability. The document presents recommendations to help those facilities that use control systems better prepare for and respond to a cyber incident regardless of source. It also suggests ways to learn from incidents and to strengthen the system against potential attacks. The document includes accepted methods and approaches from tradition information technology, but is primarily focused on the unique aspects of industrial control systems. [7 October 2009] DHS National Cyber Security Division Releases New Tool The Cyber Security Evaluation Tool (CSET) is a new product of the Department of Homeland Security (DHS) National Cyber Security Division (NCSD). CSET assists organizations in protecting their key national cyber assets. It is a desktop software tool that guides users through a step-by-step process to assess their control system and information technology network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cybersecurity posture of the organization's enterprise and industrial control cyber systems. Read more Common Cyber Security Vulnerabilities The "Common Cyber Security Vulnerabilities Observed in DHS Industrial Control Systems Assessments" report presents results from 15 ICS assessments performed under the CSSP from 2004 through 2008. Although information found in individual stakeholder reports is protected from disclosure, the security of the critical infrastructure as a whole can be improved by sharing information on common security problems with those in industry responsible for developing and maintaining ICS. For this reason, vulnerability information was collected, analyzed, and organized in a way that the most prevalent issues could be identified and mitigated by those responsible for individual systems without disclosing the identity of the associated ICS product. To read this report, click here. [22 July 2009] |
What's NewAs the lead federal agency involved in industrial control systems cybersecurity for Critical Infrastructure and Key Resources (CIKR), DHS National Cyber Security Division (NCSD) issued the Strategy for Securing Control Systems, which focuses on the vision and elements for coordinating activities to improve control systems security in the nation’s critical infrastructures. Marty Edwards, Program Manager for the DHS Control Systems Security Program, was the keynote speaker at the 2009 ISA Expo on Oct. 7. To read InTech's coverage of Edward's keynote, check out the two articles below: CSSP has released a new revision of the Catalog of Control Systems Security: Recommendations for Standards Developers. It now includes NIST SP800-53 Revision 3 Final Public Draft and NERC CIP-002-2 through CIP-009-2 in its Cross Reference of Standards. A new revision of Cyber Security Procurement Language for Control Systems has been released by CSSP. In this revision, Section 13 has been added. It addresses Wireless Technologies. A new Recommended Practice, Developing an Industrial Control Systems Cybersecurity Incident Response Capability has been released. It presents recommendations to help facilities that use control systems better prepare for and respond to a cyber incident regardless of source. The first edition of the Roadmap to Secure Control Systems in the Chemical Sector was issued on September 1, 2009. The Roadmap describes a plan for voluntarily improving cybersecurity in the Chemical Sector. Download the roadmap. HighlightsThe Strategy for Securing Control Systems (subsequently referred to as the Strategy) has been created by the U.S. Department of Homeland Security (DHS), National Cyber Security Division (NCSD), as part of the overall mission to coordinate and lead efforts to improve control systems security in the nation's critical infrastructures. The primary goal of the Strategy is to build a long-term common vision where effective risk management of control systems security can be realized through successful coordination efforts. Implementing the Strategy will create a common vision with respect to participation, information sharing, coalition building, and leadership activities. Its implementation will improve coordination among relevant stakeholders within government and private-sector, thereby reducing cybersecurity risks to control systems. ReportingThe CSSP is interested in learning of suspicious cyber incidents which occur within or may have an impact on the control systems environment. Use the buttons to the left to report cyber-related incidents and vulnerabilities to the Control Systems Security Center at US-CERT.
|
Get Adobe Reader