The goal of the DHS National Cyber Security Division's CSSP is to reduce control system risks within and across all critical infrastructure sectors by coordinating efforts among federal, state, local, and tribal governments, as well as control systems owners, operators and vendors. The CSSP coordinates activities to reduce the likelihood of success and severity of impact of a cyber attack against critical infrastructure control systems through risk-mitigation activities. These risk-mitigation activities have resulted in the following tools:
To obtain additional information or request involvement or assistance, contact cssp@hq.dhs.gov.

Recommended Practice: Creating Cyber Forensics Plans for Control Systems

Cyber forensics has been in the popular mainstream for some time, and has matured into an information-technology capability that is common among modern information security programs. However, modern control systems environments are not easily configurable to accommodate forensics programs. Nonstandard protocols, legacy architectures that can be several decades old, and irregular or extinct proprietary technologies can all combine to make the creation and operation of a cyber forensics program anything but a smooth and easy process. Recommended Practice: Creating Cyber Forensics Plans for Control Systems takes the traditional concepts of cyber forensics and provides direction regarding augmentation for control systems operational environments. The goal is to provide guidance to the reader with specifics relating to the

Cyber Security Procurement Language for Control Systems

The U.S. Department of Homeland Security Control Systems Security Program, Idaho National Laboratory, Chief Information Security Officer of New York State, and the SANS Institute established an initiative in March 2006 to bring public and private sector entities together to improve the security of control systems. The Cyber Security Procurement Language Project Workgroup comprises 242 public and private sector

Critical Infrastructure and Control Systems Security Curriculum

The Critical Infrastructure and Control Systems Security Curriculum is designed as a tool to be employed by an instructor for use in creating a masters-level professional course on Critical Infrastructure and Control Systems Security. The objective of any course constructed with this tool will be to convey fundamental organizational and economic principles required to (1) effectively manage high-impact risk to infrastructure services, and (2) design and implement public policies and business strategies that mitigate such risks. Even though many of the case examples are drawn from control systems, the principles will apply to other critical infrastructure situations

What's New

Cyber Security Procurement Language for Control Systems provides information and specific examples of procurement language text to assist the control systems community in establishing sufficient control systems security controls within contract relationships to ensure an acceptable level of risk.

The DHS Control Systems Security Program sponsored an advanced training workshop on August 18-21 at its Control Systems Security Center in Idaho Falls. Control systems vendors and industry users obtained intensive hands-on training for the protection and hardening of control systems from cyber attacks. This included attacking and defending an actual control systems environment.

NERC Issues Reliability Advisories on February 26, 2008 Florida Outage

NIST released Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems. This publication provides comprehensive assessment procedures for the security controls in NIST Special Publication 800-53 (as amended) and important guidance for federal agencies in building effective security assessment plans.

The United States Government Accountability Office (GAO) was asked to determine whether the Tennessee Valley Authority (TVA), a federal corporation and the nation's largest public power company, has implemented appropriate information security practices to protect its control systems. The GAO examined the security practices in place at several TVA facilities; analyzed the agency's information security policies, plans, and procedures against federal law and guidance; and interviewed agency officials who are responsible for overseeing TVA's control systems and their security. (What GAO found)

Highlights

Recommended Practice: Creating Cyber Forensics Plans for Control Systems

This document addresses the issues encountered in developing and

Reporting

The CSSP is interested in learning of suspicious cyber incidents which occur within or may have an impact on the control systems environment. Use the buttons to the left to report cyber-related incidents and vulnerabilities to the Control Systems Security Center at US-CERT.
DHS Threat Advisory
The threat level in the airline sector is High or Orange.