The Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, issued a an advisory last week warning of an elevated risk of cyber-based attacks against companies that are tasked with administering systems that control elements of our nation’s critical infrastructure.
The alert, which was made available only to authorized entities, provided advice on mitigation techniques and prescribed specific measures that should be undertaken to avoid disruption to services such as power and water delivery. An accompanying document outlined key indicators of an attack and guidelines for monitoring and detection efforts.
The advisory is a good example of improved efforts to break down information silos between government agencies as well as improve the mechanisms to share threat information with the private sector, said Chris Blask, Chair of the Industrial Control System Information Sharing and Analysis Center (ICS-ISAC).
According to the organization, ICS-ISAC exists to bring together the private sector partners and stakeholders for the purpose of sharing knowledge about risks, threats and best practices across our shared critical infrastructure. The Center was created to provide the ICS community with a common platform where collaboration can be performed in an environment best suited to the needs of all involved parties.
“The ability to effectively share information has marked the progress of human social evolution since the dawn of time. In the Communication Age, the need to more efficiently share a growing volume of increasingly targeted information among expanding communities defines the challenges facing cultures,” Blask said in an interview.
“For those who are responsible for maintaining the security of information structures, there is no more pressing topic.”
On February 12th of this year, President Obama issued an Executive Order :Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive (PPD-21), both of which were designed to foster improvements in information sharing efforts among government agencies as well as between government and the private sector.
“Both documents emphasize the need to improve information sharing as a fundamental component of improving national security. ICS-ISAC is working with its members to develop an open reference architecture for situational awareness, both in support of these initiatives and as part of performing its core mission,” said Blask.
The president made the decision to issue the Executive Order and Policy Directive after years of partisan bickering prevented any significant cybersecurity legislation from being passed. Networks used to control elements of the nation’s critical infrastructure tend to be legacy systems, and when designed did not take into account the advent of the Internet and the prospect that the systems would ever be exposed to compromise via the web.
The fact that these systems are so vulnerable, yet at the same time so critical to the function of the nation and commerce, the need to better share intelligence on potential threats and active attacks is more important than ever. The good news is we already have the mechanisms to deploy such systems for information sharing at our disposal, according to Blask.
“Today we stand with all of the components in our hands from which to construct effective realtime situational awareness of our shared infrastructure. The basic technical tools necessary to create situational awareness at facilities have been developed and available for more than a decade,” said Blask.
“Knowledge sharing structures such as STIX and TAXII have recently been released in 1.0 versions, IODEF has been in use for more than five years. The REN-ISAC CIF system has developed a mechanism in use today among academic institutions which is being used to provide active shared defenses around the clock. In the public and private sectors, in technical, policy and procedural areas, the basic building blocks required have already been created from which we can build shared security,” Blask continued.
The ICS-CERT advisories are just a drop in the bucket, but show a trend in the right direction. “The type of information and detail that [ICS-CERT] is now delivering in these intelligence reports to the community has dramatically improved in the last 18 months,” SANS’ Tim Conway told the Washington Post.
Conway will be joining Blask on Wednesday May 15th from 1-2:30 PM ET for the ICS-ISAC Monthly Public Briefing. The panel will also include Michael Murray from CERT/CC at Carnegie Melon Universityand Marc Blackmer from Sourcefire in what will be the the first of a series of panel discussions on the evolution of public-private information sharing.
The series will begin with an analysis of historical information sharing efforts and lead up to the development of the ICS-ISAC’s Realtime Knowledge Sharing Reference Architecture.
According to ICS-ISAC’s press release on the panel discussions, they are “designed to benefit both the technical & non-technical attendee the ICS-ISAC Public Briefing series takes a no-nonsense approach to addressing issues that cut across industry, sector, and job function. So whether you are hands-on ICS, administrator, or C-level decision-maker you will find valuable information that you can take and implement to further secure your industrial control systems.”
You can join in with this session by registering here prior to the event.
Image courtesy of ShutterStock