|
The goal of the DHS National Cyber Security Division's CSSP is to reduce control system risks within and across all critical infrastructure sectors by coordinating efforts among federal, state, local, and tribal governments, as well as control systems owners, operators and vendors. The CSSP coordinates activities to reduce the likelihood of success and severity of impact of a cyber attack against critical infrastructure control systems through risk-mitigation activities. These risk-mitigation activities have resulted in the following tools:
To obtain additional information or request involvement or assistance, contact cssp@hq.dhs.gov. Recommended Practice: Creating Cyber Forensics Plans for Control Systems Cyber forensics has been in the popular mainstream for some time, and has matured into an information-technology capability that is common among modern information security programs. However, modern control systems environments are not easily configurable to accommodate forensics programs. Nonstandard protocols, legacy architectures that can be several decades old, and irregular or extinct proprietary technologies can all combine to make the creation and operation of a cyber forensics program anything but a smooth and easy process. Recommended Practice: Creating Cyber Forensics Plans for Control Systems takes the traditional concepts of cyber forensics and provides direction
regarding augmentation for control systems operational environments. The
goal is to provide guidance to the reader with specifics relating to the Cyber Security Procurement Language for Control Systems The U.S. Department of Homeland Security Control Systems Security
Program, Idaho National Laboratory, Chief Information Security Officer
of New York State, and the SANS Institute established an initiative in
March 2006 to bring public and private sector entities together to
improve the security of control systems. The Cyber Security Procurement
Language Project Workgroup comprises 242 public and private sector Critical Infrastructure and Control Systems Security Curriculum The Critical Infrastructure and Control Systems Security Curriculum is designed as a tool to be employed by an instructor for use in creating a masters-level professional course on Critical Infrastructure and Control Systems Security. The objective of any course constructed with this tool will be to convey fundamental organizational and economic principles required to (1) effectively manage high-impact risk to infrastructure services, and (2) design and implement public policies and business strategies that mitigate such risks. Even though many of the case examples are drawn from control systems, the principles will apply to other critical infrastructure situations |
What's NewRecently released, Version 2.0 of the Control System Cyber Security Self-Assessment Tool (CS2SAT) incorporates additional standards and improved functionality. The CS2SAT provides users with a systematic and repeatable approach for assessing the cyber security posture of their industrial control system networks. The Water Environment Research Foundation (WERF) and the American Water Works Association Research Foundation (AwwaRF) are new distributors of the Control System Cyber Security Self-Assessment Tool (CS2SAT) to the water and waste water sector. Additional documentation has been added to many of the system elements on the Secure Architecture Design webpage. Hover over the various areas of the graphic and click inside the dashed box to link to the additional information. Defense in Cyberspace - Beating Cyber Threats That Target Mesh Networks added to Articles Cyber Security Procurement Language for Control Systems provides
information and specific examples of procurement language text to assist
the control systems community in establishing sufficient control systems
security controls within contract relationships to ensure an acceptable
level of risk. The DHS Control Systems Security Program sponsored an advanced training
workshop on August 18-21 at its Control Systems Security Center in Idaho
Falls. Control systems vendors and industry users obtained intensive
hands-on training for the protection and hardening of control systems
from cyber attacks. This included attacking and defending an actual
control systems environment.
HighlightsRecommended Practice: Creating Cyber Forensics Plans for Control Systems This document addresses the issues encountered in developing and maintaining a cyber forensics plan for control systems environments. This recommended practice supports forensic practitioners in creating a control systems forensics plan, and assumes evidentiary data collection and preservation using forensic best practices. The goal of this recommended practice is not to reinvent proven methods, but to leverage them in the best possible way. As such, the material in this recommended practice provides users with the appropriate foundation to allow these best practices to be effective in a control systems domain. ReportingThe CSSP is interested in learning of suspicious cyber incidents which occur within or may have an impact on the control systems environment. Use the buttons to the left to report cyber-related incidents and vulnerabilities to the Control Systems Security Center at US-CERT.
|
Get Adobe Reader