Highlights

Program Announcements

Recommended Practice: Creating Cyber Forensics Plans for Control Systems

This document addresses the issues encountered in developing and maintaining a cyber forensics plan for control systems environments. This recommended practice supports forensic practitioners in creating a control systems forensics plan, and assumes evidentiary data collection and preservation using forensic best practices. The goal of this recommended practice is not to reinvent proven methods, but to leverage them in the best possible way. As such, the material in this recommended practice provides users with the appropriate foundation to allow these best practices to be effective in a control systems domain.

Critical Infrastructure and Control Systems Security Curriculum

The Critical Infrastructure and Control Systems Security Curriculum is designed as a tool to be employed by an instructor for use in creating a masters-level professional course on Critical Infrastructure and Control Systems Security. The objective of any course constructed with this tool will be to convey fundamental organizational and economic principles required to (1) effectively manage high-impact risk to infrastructure services, and (2) design and implement public policies and business strategies that mitigate such risks. Even though many of the case examples are drawn from control systems, the principles will apply to other critical infrastructure situations.
A December 10, 2007 SANS Consensus Document details successful projects undertaken by US government agencies to implement the National Strategy to Secure Cyberspace

December 19, 2007

Three white papers, "Understanding OPC and How it is Deployed", "OPC Exposed", and "Hardening Guidelines for OPC Hosts", provide an overview of OPC Technology and how it is actually deployed in industry, outline the risks and vulnerabilities incurred in deploying OPC in a control systems environment, and summarize current good practices for securing OPC applications running on Windows-based hosts.

Lofty Perch to License DHS Control Systems Self Assessment Tool (CS2SAT)

Lofty Perch, Inc. recently announced that it has been selected by the Department of Homeland Security to be a licensed distributor of the DHS Control Systems Cyber Security Self-Assessment Tool (CS2SAT). This application, created at the Idaho National Laboratory for the DHS National Cyber Security Division, was developed specifically to assist SCADA and Process Control System-users in improving the cyber security posture of their control systems. The CS2SAT application is a security assessment support tool based on industry standards, best practices, and

ISA Automation Standards Compliance Institute to distribute DHS NCSD Control Systems Self Assessment Tool (CS2SAT)

The ISA Automation Standards Compliance Institute (ASCI) recently completed an agreement with the Idaho National Laboratory to distribute CS2SAT on behalf of the United States Department of Homeland Security. The tool is distributed with a training video, online documentation, and 2 hours of phone support from control systems cyber security specialists to help licensees structure their self assessment approach. The CS2SAT was developed by the Control Systems Security Program of the Department of Homeland Security's National Cyber Security Division. The purpose of the CS2SAT is to provide organizations that use SCADA

Online training - OPSEC for Control Systems

This innovative, web-based course introduces control systems employees to the basic concepts of operations security (OPSEC) and applies these concepts to the control system environment. Course lessons let you check

Catalog of Control Systems Security: Recommendations for Standards Developers

This catalog presents a compilation of practices that various industry bodies have recommended to increase the security of control systems from both physical and cyber attacks. It is not limited for use by a specific industry sector but can be used by all sectors to develop a framework needed to produce a sound cyber security program. It should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in this catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security needs.

Cyber Security Response to Physical Security Breaches

Physical break-ins and other unauthorized entries into critical infrastructure locations, such as electrical power substations, have historically been viewed as traditional property crimes where trespass, theft, and vandalism were the motives. However, the current trend of using computer networks to remotely monitor and control unmanned facilities has also increased the possibility that these physical property crimes could be used to conceal less discernible cyber crimes. A topical paper has been prepared and posted on the US-CERT website that provides discussion and guidance for the security managers of these facilities. This paper, "Cyber Security Response to Physical Security Breaches", utilizes an electrical substation break-in scenario to illustrate steps that can be taken to assist security managers to determine whether a cyber security intrusion may have occurred. It offers a process for escalation of the investigation to determine extent of the intrusion and steps to initiate a recovery to a known state. Feedback is welcome and can be sent to cssp@hq.dhs.gov.
The Chemical Sector Cyber Security Program has announced the release of a guidance document outlining the Department of Homeland Security's Protected Critical Infrastructure Information Program.

Recommended Practices Guide Securing ZigBee Wireless Networks in Process Control System Environments (Draft) released

ZigBee is a protocol specification and industry standard for a type of wireless communications technology generically known as Low-Rate Wireless Personal Area Networks (LR-WPAN). LR-WPAN technology is characterized by low-cost, low-power wireless devices that self-organize into a short-range wireless communication network to support relatively low throughput applications such as distributed sensing and monitoring. The document begins with a conceptual overview of LR-WPAN technology and the role that the ZigBee protocol plays in the development and standardization process. A section on the IEEE 802.15.4 specification upon which ZigBee is based is then presented, followed by a description of the ZigBee standard and its various components. A following section describes the ZigBee security architecture, services, and features. Next, a section on secure LR-WPAN network design principles is presented, followed by a list of specific recommended security best practices that can be used as a guideline for organizations considering the deployment of ZigBee networks. Finally, a section on technical issues and special considerations for installations of LR-WPAN networks in industrial environments is presented. A concluding section summarizes key points and is followed by a list of technical references related to the topics presented in this document.

New recommended practices and supporting document

Web-based cyber security training

To connect to the training:

NIAC makes public report

Government, Process Control Vendors Work Together to Increase Cyber Security

DHS Proposed Regulations May Affect Control Systems

Potential Vulnerabilities in Municipal Communications Networks

DHS recognizes that the upgrading of network technologies in municipalities to improve the efficiency of operations by connecting previously independent systems and to provide new sources of revenue is a prevalent practice. The maintenance of adequate cyber security to protect both the information and physical infrastructure is a significant issue when municipal managers take advantage of these technologies.