Tuesday, May 25, 2010
CSSP Page Update 05-24-10
Just last week I updated you on the changes to the DHS-CERT Control System Security Page and I discussed their updated reporting procedures for industrial control system cyber incidents. Unfortunately, some of the information that I told you about has been removed from the CSSP main web page. DHS removed the email address for reporting ‘general cyber activity’ (firstname.lastname@example.org) as well as a second phone number. There hadn’t been an explanation of what that second number would be used for so that doesn’t seem to be a major change. The one change that I am disappointed to see is that DHS removed their offer to “provide onsite assistance, free of charge, to organizations that require immediate investigation and resolve in responding to a cyber attack.” I had noted that this type of assistance could be invaluable for facilities experiencing a cyber incident, especially since most facilities don’t have the necessary internal expertise to conduct these investigations or correct the problem. All was not negative in this latest change. DHS did move the link to their public-key to the main page so that facilities can encrypt confidential or sensitive business information when making their reports. Fortunately the links that I provided (and are still not available on the CSSP page) for the Phishing reporting procedure and reporting vulnerability issues are still active.