Control Systems

Highlights

Program Announcements

Recommended Practice: Creating Cyber Forensics Plans for Control Systems
August 25, 2008

This document addresses the issues encountered in developing and maintaining a cyber forensics plan for control systems environments. This recommended practice supports forensic practitioners in creating a control systems forensics plan, and assumes evidentiary data collection and preservation using forensic best practices. The goal of this recommended practice is not to reinvent proven methods, but to leverage them in the best possible way. As such, the material in this recommended practice provides users with the appropriate foundation to allow these best practices to be effective in a control systems domain.

Critical Infrastructure and Control Systems Security Curriculum
June 11, 2008

The Critical Infrastructure and Control Systems Security Curriculum is designed as a tool to be employed by an instructor for use in creating a master's-level professional course on Critical Infrastructure and Control Systems Security. The objective of any course constructed with this tool will be to convey fundamental organizational and economic principles required to (1) effectively manage high-impact risk to infrastructure services, and (2) design and implement public policies and business strategies that mitigate such risks. Even though many of the case examples are drawn from control systems, the principles will apply to other critical infrastructure situations.

A December 10, 2007 SANS Consensus Document details successful projects undertaken by US government agencies to implement the National Strategy to Secure Cyberspace
December 19, 2007

Three white papers, "Understanding OPC and How it is Deployed", "OPC Exposed", and "Hardening Guidelines for OPC Hosts", provide an overview of OPC technology and how it is actually deployed in industry, outline the risks and vulnerabilities incurred in deploying OPC in a control systems environment, and summarize current good practices for securing OPC applications running on Windows-based hosts.
January 14, 2008

Lofty Perch to License DHS Control Systems Self Assessment Tool (CS2SAT)
February 27, 2008

Lofty Perch, Inc. recently announced that it has been selected by the Department of Homeland Security to be a licensed distributor of the DHS Control Systems Cyber Security Self-Assessment Tool (CS2SAT). This application, created at the Idaho National Laboratory for the DHS National Cyber Security Division, was developed specifically to assist SCADA and Process Control System users in improving the cyber security posture of their control systems. The CS2SAT application is a security assessment support tool based on industry standards, best practices, and regulatory guidance, and assists asset owners and operators in identifying actionable mitigations for their control system architectures.

ISA Automation Standards Compliance Institute to distribute DHS NCSD Control Systems Self Assessment Tool (CS2SAT)
February 27, 2008

The ISA Automation Standards Compliance Institute (ASCI) recently completed an agreement with the Idaho National Laboratory to distribute CS2SAT on behalf of the United States Department of Homeland Security. The tool is distributed with a training video, online documentation, and 2 hours of phone support from control systems cyber security specialists to help licensees structure their self-assessment approach.

The CS2SAT was developed by the Control Systems Security Program of the Department of Homeland Security's National Cyber Security Division. The purpose of the CS2SAT is to provide organizations that use SCADA (Supervisory Control and Data Acquisition) and industrial control systems with a self-assessment tool for evaluating the security of the control system. The tool pulls its recommendations from a database of the best available cyber security practices, which have been adapted specifically for application to industry control system networks and components. Each recommendation is linked to a set of actions that can be applied to remediate specific security vulnerabilities.

Online training - OPSEC for Control Systems
January 14, 2008

This innovative, web-based course introduces control systems employees to the basic concepts of operations security (OPSEC) and applies these concepts to the control system environment. Course lessons let you check your understanding of the concepts with interactive exercises in which you explore different environments to discover problems. You even have the opportunity to play the "bad guy" and try to disrupt a competitor's manufacturing process.
Check out the training course OPSEC for Control Systems.

Catalog of Control Systems Security: Recommendations for Standards Developers
January 14, 2008

This catalog presents a compilation of practices that various industry bodies have recommended to increase the security of control systems from both physical and cyber attacks. It is not limited to use by a specific industry sector but can be used by all sectors to develop a framework needed to produce a sound cyber security program. It should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in this catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security needs.

Cyber Security Response to Physical Security Breaches
November 28, 2007

Physical break-ins and other unauthorized entries into critical infrastructure locations, such as electrical power substations, have historically been viewed as traditional property crimes where trespass, theft, and vandalism were the motives. However, the current trend of using computer networks to remotely monitor and control unmanned facilities has also increased the possibility that these physical property crimes could be used to conceal less discernible cyber crimes. A topical paper has been prepared and posted on the US-CERT website that provides discussion and guidance for the security managers of these facilities. This paper, "Cyber Security Response to Physical Security Breaches", uses an electrical substation break-in scenario to illustrate steps that can help security managers determine whether a cyber security intrusion may have occurred. It offers a process for escalating the investigation to determine the extent of the intrusion and steps to initiate a recovery to a known state. Feedback is welcome and can be sent to cssp@hq.dhs.gov.

The Chemical Sector Cyber Security Program has announced the release of a guidance document outlining the Department of Homeland Security's Protected Critical Infrastructure Information Program.
August 22, 2007
"Using the Protected Critical Infrastructure Information (PCII) Program to Share Information with the Department of Homeland Security" is a first step in helping chemical companies develop practices and obtain information so that they can share information with DHS in a secure manner.

Recommended Practices Guide Securing ZigBee Wireless Networks in Process Control System Environments (Draft) released
July 11, 2007
This paper addresses design principles and best practices regarding the secure implementation and operation of ZigBee wireless networks. Its focus is on the secure deployment of ZigBee networks in industrial environments, such as manufacturing and process automation facilities.

ZigBee is a protocol specification and industry standard for a type of wireless communications technology generically known as Low-Rate Wireless Personal Area Networks (LR-WPAN). LR-WPAN technology is characterized by low-cost, low-power wireless devices that self-organize into a short-range wireless communication network to support relatively low throughput applications such as distributed sensing and monitoring.

The document begins with a conceptual overview of LR-WPAN technology and the role that the ZigBee protocol plays in the development and standardization process. A section on the IEEE 802.15.4 specification upon which ZigBee is based is then presented, followed by a description of the ZigBee standard and its various components. A following section describes the ZigBee security architecture, services, and features. Next, a section on secure LR-WPAN network design principles is presented, followed by a list of specific recommended security best practices that can be used as a guideline for organizations considering the deployment of ZigBee networks. Finally, a section on technical issues and special considerations for installations of LR-WPAN networks in industrial environments is presented. A concluding section summarizes key points and is followed by a list of technical references related to the topics presented in this document.

New recommended practices and supporting document
February 28, 2007
Drafts of recommended practices "Securing WLANs Using 802.11i," and "Using Operational Security (OPSEC) to support a Cyber Security Culture in Control Systems Environments," and supporting document, "Recommended Practice Case Study: Cross-Site Scripting," have been posted to the Recommended Practices website to assist asset owners and operators in security techniques to reduce the risk from cyber attacks. "Securing WLANs Using 802.11i" addresses design principles and best practices regarding the secure implementation and operation of Wireless LAN (WLAN) communication networks based on the IEEE 802.11 protocol. "Using Operational Security (OPSEC) to support a Cyber Security Culture in Control Systems Environments" reviews several key operational cyber security elements that are important for control systems and industrial networks and how those elements can drive the creation of a cyber security-sensitive culture. In doing so, it provides guidance and direction for developing operational security strategies including: creating cyber OPSEC plans for control systems, embedding cyber security into the operations life cycle, and creating technical and nontechnical security mitigation strategies. "Recommended Practice Case Study: Cross-Site Scripting" describes the details of an information security attack, known as cross-site scripting, which could be used against control systems, and explains practices to mitigate this threat.

Web-based cyber security training
February 13, 2007
The web-based training, "Cyber Security for Control Systems Engineers & Operators", is intended for control system (also referred to as SCADA, DCS, or PCS) employees whose primary job is not cyber security. The training consists of five lessons covering threats, risks, cyber attacks, risk assessments and mitigations for control systems. The "Threats and Risks" lesson describes the security threats to control systems and provides examples to illustrate these threats. The "Specific Risks to Control Systems" lesson provides a demo of a control system cyber attack and discusses some of the specific risks to control systems. The "Cyber Attacks" lesson introduces the cyber attack process. The "Risk Assessment and Mitigation Overview" lesson defines terms used to describe risk assessment and mitigation and provides an overview of the process. Finally, the "Mitigation for Control Systems" lesson discusses cyber security concerns specific to control systems and describes methods for mitigating some of these risks. The training will take about 50 minutes to complete.

To connect to the training:

  1. Click here to access the training site and click on "create an account now"
  2. Enter registration information and click "Submit"
  3. Enter your newly created userid/password, which is your email address entered and the password you chose.
  4. Click on "Cyber Security for Control Systems Engineers & Operators"
  5. You will be asked to complete a short demographic survey prior to beginning the training on the page titled "Please Tell Us About Yourself"
  6. After clicking submit, you'll be taken to a "Registration Complete" page.
  7. Simply click on "Cyber Security for Control Systems Engineers & Operators" to begin the training. The registration process occurs only once, but allows us to create an account that can be used multiple times (leave and return to the training as many times as you like) along with gathering information about those that access the training.

The first screen of the training gives an overview of how to use the interactive environment of online learning effectively along with giving the course overview. This training was developed through the Control Systems Security Program, established by the U.S. Department of Homeland Security National Cyber Security Division.

NIAC makes public report
February 13, 2007
The National Infrastructure Advisory Council (NIAC) provides the President, through the Secretary of Homeland Security, with advice on the security of the critical infrastructure sectors and their information systems. The Council has made public a report it approved January 16, 2007: Convergence of Physical and Cyber Technologies and Related Security Management Challenges Working Group Final Report and Recommendations. Their other reports and recommendations can be found at http://www.dhs.gov/niac.

Government, Process Control Vendors Work Together to Increase Cyber Security
January 9, 2007
The Control Systems Cyber Security Vendors Forum was formed by a group of industrial automation, control systems, and SCADA vendors along with the National Cyber Security Division of the U.S. Department of Homeland Security. The purpose of the forum is to facilitate collaboration between government and vendors, and to provide vendors an open forum to discuss common issues that affect control systems security. It is open to all industrial automation, control systems and SCADA vendors. To join this Forum, please email CSSP@hq.dhs.gov. Additional information can be found in the press release for the Control Systems Cyber Security Vendors Forum.

DHS Proposed Regulations May Affect Control Systems
January 9, 2007
The proposed regulations regarding security at high-risk chemical facilities may affect how companies are required to secure access to their process control systems. A quick read of the proposed regulations under 6 CFR Part 27 indicates that each covered facility must implement measures to deter cyber sabotage, including critical process controls and SCADA systems.

Potential Vulnerabilities in Municipal Communications Networks
December 5, 2006
"Potential Vulnerabilities in Municipal Communications Networks" provides a discussion of risks associated with the integration of local networks and recommendations to aid city managers in establishing and maintaining protection of these integrated networks. The whitepaper was written by the DHS National Cyber Security Division, Control Systems Security Program, to increase city managers' awareness of the increased risk and unintended consequences that may result from the integration of local networks.

DHS recognizes that the upgrading of network technologies in municipalities to improve the efficiency of operations by connecting previously independent systems and to provide new sources of revenue is a prevalent practice. The maintenance of adequate cyber security to protect both the information and physical infrastructure is a significant issue when municipal managers take advantage of these technologies.