This is part of a continuing series of blog posts about the latest DHS-IdeaScale project to open a public dialog about homeland security topics. This dialog addresses the DHS Integrated Task Force project to help advance the DHS implementation of the President’s Cybersecurity Framework outlined in EO 13636. The earlier post in this series was:
This post deals with a new idea that I submitted to the DHS-IdeaScale project last night. It describes the problem of vulnerabilities being found (and fixed) in ICS applications and then discovering that the application is used in multiple ICS systems that need to have the vulnerability resolved all over again. Coordination of various vendor efforts in instances like this would probably be most effectively accomplished through a central agency like ICS-CERT.
Once again, I urge everyone in the control system security community to join in this dialog, commenting, voting and presenting ideas of your own. It is not often that a government agency gives individuals in the affected communities the opportunity to help in establishing the regulations that govern so much of our lives. Take the opportunity while you can.