ICS-CERT provides cyber security update on industrial control systems
When industrial control systems (ICS) are compromised by cyber security threats, the U.S. government provides a confidential way to share knowledge of the threat and get help. ICS-CERT helps mitigate cyber risk in control systems and embedded systems including vendor testing, on-site assessments, and training. Jeff Gray, with the U.S. Dept. of Homeland Security, outlines the latest industrial control system security issues and cyber security recommendations from the Cyber Emergency Response Team (CERT), at the 2015 CSIA Executive Conference.
"We want YOU (to share your cyber security threats) with us," to paraphrase the U.S. federal government. If an industrial control system (ICS) or attached systems has been breached with a cyber security threat, share the information confidentially, so you and others can benefit.
"We reduce cyber security risk for critical infrastructure," explained Jeff Gray, unit chief for training and outreach, U.S. Dept. of Homeland Security, Arlington, Virginia, Industrial Control System (ICS) Cyber Emergency Response Team (CERT). The organization also is making available version 7.1 of the Cyber Security Evaluation Tool, a free download to help the private and public sector report events. Gray made his comments on May 1 at the 2015 CSIA Executive Conference, in Arlington. CSIA stands for Control System Integrators Association.
ICS-CERT helps mitigate cyber risk in control systems and embedded systems including vendor testing, on-site assessments, and training. Gray said the organization provides a mechanism for organizations to share knowledge about cyber security risks without being identified, and provides recommendations and training based on that knowledge.
Gray is also the program lead for the Industrial Control System Joint Working Group within ICS-CERT. ICS-CERT reaches out to automation vendors, users, and system integrators with information about threats, without sales pitches.
"Information sharing has taken off," Gray said, noting that all presentations are available online, and three levels of training are available, two online courses and advanced, in-person training in Idaho Falls, Idaho. ICS-CERT also can remove any threats in a system, and, "Depending on severity we may take a very active role in helping out to mitigate threats, with vendors and the community."
Assessment levels, incident handling
The Advanced Analytical Laboratory has bi-annual meetings, provide a Roadmap to Secure Control Systems, and a forum for current issues. Three levels of assessment are:
- To walk through the tool
- Provide an architectural review, mapping networks and looking at strengths and weakness
- Analyze network traffic.
Services and available tools are also expanding from the private sector to federal buildings.
Gray said confidential incident handling, which requires a legal agreement with participants, has trended upward, with a spike in 2013 because of an organized campaign against the pipeline and energy sector with:
- 140 in 2011
- 197 in 2012
- 257 in 2013
- 243 in 2014.
There are tens of thousands of incidents out there, Gray said, including network mapping, denial of services, stolen or denied capabilities, intellectual property loss, and national security type incidents. Threats, advanced persistent threats, come from profit-motivated criminals to country-level threats reported in the news.
Defense in depth strategies are recommended to lower organizations’ risk to cyber security vulnerabilities, Gray said.
– Mark T. Hoske, content manager, CFE Media, Control Engineering, firstname.lastname@example.org.
Learn more about ICS-CERT.
See the Control Engineering cyber security page.
Also search ICS-CERT atop www.controleng.com.
See additional coverage from the CSIA Executive Conference linked below.