|
The goal of the DHS National Cyber Security Division's CSSP is to reduce control system risks within and across all critical infrastructure sectors by coordinating efforts among federal, state, local, and tribal governments, as well as control systems owners, operators and vendors. The CSSP coordinates activities to reduce the likelihood of success and severity of impact of a cyber attack against critical infrastructure control systems through risk-mitigation activities. These risk-mitigation activities have resulted in the following tools:
To obtain additional information or request involvement or assistance, contact cssp@hq.dhs.gov. Free Control Systems Cyber Security Training On Wednesday February 4, 2009 the Department of Homeland Security Control Systems Security Program and the Department of Energy National SCADA Test Bed program, in conjunction with the SANS Process Control & SCADA Security Summit 2009 in Lake Buena Vista, Florida, is offering two eight hour training courses on control systems cyber security. The two courses are: Introduction to Control System Security for the IT Professional, and Intermediate Control Systems Security. These training courses are instructed by industry experts and provide participants an enhanced understanding of the importance of control systems cyber security. Class seats are limited and registration for a course will be closed once filled. Registration is limited to one course per person. The two courses are free of charge whether or not you attend the SANS Summit but registration for the course is required. You can register here. Recommended Practice for Patch Management of Control Systems Patch management of industrial control systems is critical to resolve security vulnerabilites and functional issues. The objective of a patch management program is to create a consistently configured environment that is secure against known vulnerabilities in operating system and application software. However, a single solution does not exist that adequately addresses the patch management processes of both traditional information technology (IT) data networks and industrial control systems (ICSs). While IT patching typically requires relatively frequent downtime to deploy critical patches, any sudden or unexpected downtime of ICSs can have serious operational consequences. As a result, there are more stringent requirements for patch validation prior to implementation in ICS networks. The Department of Homeland Security
(DHS) Control Systems Security Program (CSSP) recognizes that control systems owners/operators should have an integrated plan that identifies a separate approach to patch management for ICS. This document specifically identifies issues and recommends practices for ICS patch management in order to strengthen overall ICS security. Cyber Security Procurement Language for Control Systems The U.S. Department of Homeland Security Control Systems Security
Program, Idaho National Laboratory, Chief Information Security Officer
of New York State, and the SANS Institute established an initiative in
March 2006 to bring public and private sector entities together to
improve the security of control systems. The Cyber Security Procurement
Language Project Workgroup comprises 242 public and private sector |
What's NewThe U. S. Department of Homeland Security (DHS) has selected Industrial Defender as a licensed distributor of the Control System Cyber Security Self-Assessment Tool (CS2SAT), which is a software application tool that is designed to assist critical infrastructure asset owners and operators with a comprehensive approach for assessing the cyber security posture of industrial control system and Supervisory Control and Data Acquisition (SCADA) networks - View press release. Recommended Practice for Patch Management of Control Systems added to Recommended Practices.
The National Institute of Standards and Technology (NIST) released two
documents: SP 800-57, "Recommendation for Key Management Part 3:
Application Specific Key Management Guidance," is a draft document, and SP 800-64, "Security Considerations in the System Development Life
Cycle." They have been added to the Standards & References page. Homeland Security has control systems focus - more ABB PCU400 vulnerable to buffer overflow added to Vulnerability Notes Recently released, Version 2.0 of the Control System Cyber Security Self-Assessment Tool (CS2SAT) incorporates additional standards and improved functionality. The CS2SAT provides users with a systematic and repeatable approach for assessing the cyber security posture of their industrial control system networks. HighlightsRecommended Practice: Creating Cyber Forensics Plans for Control Systems This document addresses the issues encountered in developing and maintaining a cyber forensics plan for control systems environments. This recommended practice supports forensic practitioners in creating a control systems forensics plan, and assumes evidentiary data collection and preservation using forensic best practices. The goal of this recommended practice is not to reinvent proven methods, but to leverage them in the best possible way. As such, the material in this recommended practice provides users with the appropriate foundation to allow these best practices to be effective in a control systems domain. ReportingThe CSSP is interested in learning of suspicious cyber incidents which occur within or may have an impact on the control systems environment. Use the buttons to the left to report cyber-related incidents and vulnerabilities to the Control Systems Security Center at US-CERT.
|
Get Adobe Reader