|
The goal of the DHS National Cyber Security Division's CSSP is to reduce industrial control system risks within and across all critical infrastructure and key resource sectors by coordinating efforts among federal, state, local, and tribal governments, as well as industrial control systems owners, operators and vendors. The CSSP coordinates activities to reduce the likelihood of success and severity of impact of a cyber attack against critical infrastructure control systems through risk-mitigation activities. These risk-mitigation activities have resulted in the following tools:
To obtain additional information or request involvement or assistance, contact cssp@hq.dhs.gov. Assistant Secretary Schaffer dedicates Industrial Control Systems Cyber Emergency Response Team capability Department of Homeland Security (DHS) officially launched the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) coordination center with a dedication ceremony led by DHS Assistant Secretary for Cybersecurity and Communications Greg Schaffer in Idaho Falls, Idaho. The ICS-CERT is the nation’s first dedicated response center aimed at reducing the frequency and effect of cyber attacks on industrial control systems. The ICS-CERT was created earlier this year to coordinate global efforts and respond to cyber vulnerabilities and threats affecting the industrial control systems that operate critical infrastructure and key resources. Industrial control systems include supervisory control and data acquisition, process control, distributed control and other digital devices that monitor and manage critical operations within chemical facilities, oil and gas refineries, power plants, transportation systems and many more. The ICS-CERT addresses security threats to control systems and provides a means to share information across all sectors. Additionally, the ICS-CERT is one of the principal components of the Strategy to Secure Control Systems, providing a central mechanism for coordinating incident response and stakeholder efforts to effectively manage cybersecurity risk. Located at Idaho National Laboratory (INL) and managed by the DHS Control Systems Security Program (CSSP), the response team will monitor, collect, and analyze cyber incidents reported by industrial control systems stakeholders across all sectors of the nation’s critical infrastructure. "This facility will serve an important and critical role in ensuring we are prepared, aware, and capable of protecting our networks and defending our critical infrastructures going forward," Schaffer said at the dedication. More information about ICS-CERT. [11 November 2009]
|
What's NewAs the lead federal agency involved in industrial control systems cybersecurity for Critical Infrastructure and Key Resources (CIKR), DHS National Cyber Security Division (NCSD) issued the Strategy for Securing Control Systems, which focuses on the vision and elements for coordinating activities to improve control systems security in the nation’s critical infrastructures. Marty Edwards, Program Manager for the DHS Control Systems Security Program, was the keynote speaker at the 2009 ISA Expo on Oct. 7. To read InTech's coverage of Edward's keynote, check out the two articles below: CSSP has released a new revision of the Catalog of Control Systems Security: Recommendations for Standards Developers. It now includes NIST SP800-53 Revision 3 Final Public Draft and NERC CIP-002-2 through CIP-009-2 in its Cross Reference of Standards. A new revision of Cyber Security Procurement Language for Control Systems has been released by CSSP. In this revision, Section 13 has been added. It addresses Wireless Technologies. A new Recommended Practice, Developing an Industrial Control Systems Cybersecurity Incident Response Capability has been released. It presents recommendations to help facilities that use control systems better prepare for and respond to a cyber incident regardless of source. HighlightsNow available: Developing an Industrial Control Systems Cybersecurity Incident Response Capability CSSP has released a new Recommended Practice, Developing an Industrial Control Systems Cybersecurity Incident Response Capability. The document presents recommendations to help those facilities that use control systems better prepare for and respond to a cyber incident regardless of source. It also suggests ways to learn from incidents and to strengthen the system against potential attacks. The document includes accepted methods and approaches from tradition information technology, but is primarily focused on the unique aspects of industrial control systems. [7 October 2009] ReportingThe CSSP is interested in learning of suspicious cyber incidents which occur within or may have an impact on the control systems environment. Use the buttons to the left to report cyber-related incidents and vulnerabilities to the Control Systems Security Center at US-CERT.
|
Get Adobe Reader