Well, I’ve been waiting awhile to be able to write this (see future post).  Finally, I can:

It’s always interesting dealing with the somewhat schizophrenic nature of government messaging. While I understand the constraints, the risks, and the realities of trying to run a free-for-the-private sector service that actually DOES something in the government, it was always a little disheartening to hear (or read) people suggest that the government wasn’t doing anything for some of our cyber security problems, that it didn’t have the services available, or “Well, I heard DHS started ICS-CERT, but I think they shut it down?” And, with the media so often just not getting it – and people so often not doing basic research – this happened more frequently than it should. So, now that I’m in the role of customer here (and not on the floor there), I can finally say:

If you’re an asset owner, a vendor, a service provider, a customer, or otherwise a stakeholder in private sector or government critical infrastructure / key resources, you should be aware of CSSP and ICS-CERT (ICS-CERT has been functioning, in its current form, since earlier this year).

To start with: The Control Systems Security Program (CSSP) is an offering out of Homeland Security which:

“attempts to…reduce industrial control system risks within and across all critical infrastructure and key resource sectors by coordinating efforts among federal, state, local, and tribal governments, as well as industrial control systems owners, operators and vendors. The CSSP coordinates activities to reduce the likelihood of success and severity of impact of a cyber attack against critical infrastructure control systems through risk-mitigation activities.”

This includes providing a FREE cyber security assessment tool, onsite assessment visits, and the well-run Industrial Control Systems Joint Working Group (ICSJWG) and its associated conferences. CSSP also provides a variety of free training in Control Systems Security, both locally in DC and, for its hands-on Red/Blue Team training, in Idaho Falls.

Then, providing a tactical operational arm to the more strategic CSSP, ICS-CERT is a fully functioning free CERT service for your CIKR organizations. ICS-CERT will, as part of its mission:

  1. Provide onsite fly-away technical incident response
  2. Perform digital media analysis on media potentially affected by an incident
  3. Coordinate the responsible release of vulnerabilities (involving third party researchers, vendors, etc.)
  4. Provide timely situational awareness
  5. Coordinate national response, via its seats in the National Cybersecurity Communications and Integration Center (NCCIC), with US-CERT, NCC, Law Enforcement, and other organizations.

All you have to do, basically, is ask.  They’ve assisted, during my tenure, quite a few organizations – large and small – and continue to do so.

(Importantly, ICS-CERT has neither a law-enforcement NOR a regulatory function. Their mission is to assist you in defending yourselves and responding to incidents. Your data is, and remains, yours, in any interaction with them.)

And you thought the government doesn’t do anything for cyber security :)

To contact ICS-CERT:

  • Call the ICS-CERT Watch Floor: 1-877-776-7585
  • Email regarding ICS related cyber activity: ics-cert@dhs.gov

Their website is: http://ics-cert.org