
Activity Report for DHS Industrial Control Systems Joint Working Group (ICSJWG)

For OSGug Meeting – SG Security, Knoxville, TN – 28 February 2012. Ralph Mackiewicz, SISCO, Inc.


Presentation Transcript


  1. Activity Report for DHS Industrial Control Systems Joint Working Group (ICSJWG) • For OSGug Meeting – SG Security, Knoxville, TN – 28 February 2012 • Ralph Mackiewicz, SISCO, Inc.

  2. What is ICSJWG? • A collaborative and coordinating body operating under the Critical Infrastructure Partnership Advisory Council (CIPAC) http://www.dhs.gov/files/committees/editorial_0843.shtm • www.us-cert.gov/control_systems/icsjwg/index.html • Primary means for private USA entities to interact with DHS on cyber security issues related to “industrial control systems” which is how energy control systems are classified. • Meets twice a year face to face • Working groups meet via telcon regularly • Quarterly newsletter

  3. Spring Meeting 2012

  4. Spring 2012 Meeting Highlights • Savannah, GA: • May 7: working group meetings • May 8-9: ICSJWG meeting (see site for agenda) • May 10: International Partners Day – Information sharing with invited international partners. • Idaho Falls, ID • May 14-18: INL Advanced Cybersecurity Training (Red/Blue Team)

  5. ICSJWG Subgroups • Sector coordinating council and government coordinating council (GCC/SCC) * • R&D • International • Workforce development * • Information Sharing • Roadmap ** • Vendor **

  6. ICS Roadmap Subgroup • Develop the Cross-Sector Roadmap as a resource for all sectors to provide a common lexicon and a set of ready-to-tailor models to develop sector-specific roadmaps that incorporate cybersecurity and maturity of ICS as a supporting business model. • Provide an ongoing review of the state of ICS across all sectors.

  7. Cross Sector Roadmap

  8. Cross-Sector Roadmap • Cross Sector Roadmap https://cs.hsin.gov/C14/C1/RoadmapToSecureICS/Document%20Library/Cross%20Sector%20Roadmap/Final%20Roadmap%20-%20Post%202011%20Fall%20Conference/Cross-Sector%20Roadmap%20Sep%2030%202011-Final.pdf • Goals and Gap Analysis

  9. Vendor Subgroup • Regular Telcons • Main Activities • Vulnerability Disclosure Guidelines Whitepaper • Improve Communications Subcommittee

  10. Vulnerability Disclosure Whitepaper v3 • 2. Executive Summary • 3. Document Purpose • 4. Document Expectations • 5. Software Vulnerabilities • 5.1 Types of Vulnerabilities • 5.2 Mechanisms for Identifying Vulnerabilities • 6. Types of Disclosure • 6.1 Private Customer Disclosure • 6.2 Public Disclosure • 6.3 Third-Party Disclosure • 7. Vulnerability Disclosure Policy Components • 7.1 Foundation Elements • 7.2 Policy Commitments • 7.2.1 Distribution • 7.2.2 Deliverables • 7.2.3 Timelines • 7.2.4 Mitigations • 7.2.5 Resolution • 7.3 Customer Deliverables • 7.3.1 Summary of Disclosure Policy • 7.3.2 Vulnerability Disclosure Policy Statement • 7.4 External Publications • 7.4.1 Vulnerability Disclosure Policy Statement • 7.5 Contact Mechanisms • 7.5.1 Security Webpage • 7.5.2 Security Email Address • 7.5.3 Anonymous Submission Form • 7.6 Classification of Vulnerabilities • 8. Appendix A – Terminology • 9. Appendix B – Sample Disclosure Policy • 10. Appendix C – References

  11. Improve Communications Subcommittee • Formed in response to persistent comments about gaps in information sharing • 2 areas of focus • Internal: communications among ICSJWG groups and activities • External: communications outside of ICSJWG • Done by May 2012

  12. Internal Communications • Require status reports by groups • Developing org chart and information flow diagrams • Review and address prioritized improvements • Tier 1 – Biggest impact. Completed by May • Tier 2 – Additional improvements.

  13. External Communications Challenges • Terminology is a problem • “Sensitive” has an official meaning. • There already is a well established process for information sharing of Protected Critical Infrastructure Information (PCII). • The PCII Program enhances information sharing between the private sector and the government.

  14. PCII Information Flow Useful information ICS-CERT and other alerts

  15. Legitimate Concerns • PCII is shared with an understanding of confidentiality by those disclosing to DHS. • Some PCII is pretty darn “sensitive”. • Initial reaction to sharing PCII: “No #%$&#@! Way”

  16. Need a Solution • This information can only benefit industry if those in industry are given access and allowed to use it to improve security. • There must be a way to qualify/accredit firms and people to receive more detailed information than that which is currently shared. • Need to get government lawyers to understand the benefit.

  17. Realistic?

  18. Thank You Ralph Mackiewicz SISCO, Inc. 6605 19 1/2 Mile Road Sterling Heights, MI 48314 USA Tel: +1+586-254-0020 ext. 103 Fax: +1-586-254-0053 Mobile: +1-586-260-2571 ralph@sisconet.com
