This is part of a continuing series of blog posts about the latest DHS-IdeaScale project to open a public dialog about homeland security topics. This dialog addresses the DHS Integrated Task Force project to help advance the DHS implementation of the President’s Cybersecurity Framework outlined in EO 13636. The earlier post in this series was:
New ICS Security Idea
Today Bryan Owen submitted a new idea to the ITF-IdeaScale cybersecurity discussion site addressing the establishment of a security reputation program to “to classify and rank the security reputation for internet accessible assets”. This is the second ICS related posting to the site.
ICS security professionals should review Bryan’s post on the site and post their comments and cast their vote on the idea. While you’re there check out my post as well. And you might as well post an idea of your own. And facility owners and control system operators should also consider getting involved in these discussions.
There has been an interesting discussion about my earlier post on this topic over on the LinkedIn ICS-ISAC group. Sam Cox expressed some reservations about an open group discussion like this IdeaScale program, noting that it is “unvetted and does not meet the security needs many of my customers seek for professional collaboration”. He is correct in noting that an open source group like IdeaScale is not an appropriate place to discuss detailed security measures, but it is not clear that the Cybersecurity Framework will include those kinds of details.