Friday, June 14, 2013

DHS ITF IdeaScale Cybersecurity Project – Remote Infrastructure

This is part of a continuing series of blog posts about the latest DHS-IdeaScale project to open a public dialog about homeland security topics. This dialog addresses the DHS Integrated Task Force project to help advance the DHS implementation of the President’s Cybersecurity Framework outlined in EO 13636. The earlier post in this series was:

Security of Remote Infrastructure

Yesterday Scott Sklar posted a new ‘idea’ to the ITFSCP site. He noted that:

“Many states leverage a portfolio of programs to deploy on-site renewable energy and distributed generation at cell towers, pipeline pumps (water, sewage, fuels), intersection signal lights, etc. so they are not tied to the grid, independently powered without fuel logistics, and are not controllable other than web-enabled diagnostics. This creates resiliency that is cybersecure.”

While I voted in general agreement with this idea, I did note in comments posted to the site that I had certain reservations about the claim of these systems being “cybersecure” just because they were only remotely controllable by ‘web-enabled diagnostics’. Over the last couple of years, we have seen too many control systems with unintended remote access vulnerabilities to allow a general claim of security for any web-accessible device.

Public Participation

A quick reminder here that the whole ITFCC program requires public participation in the suggestion, discussion, selection and implementation process. The ITFCC web site is a forum for suggesting and discussing ideas that could become parts of the process for the security of critical infrastructure cyber-systems. Failing to participate in that process makes it less likely that you will be satisfied with the products of that process; products that you may be compelled to employ.

Take a couple of minutes and look at my latest idea and the other ideas currently under discussion at the site. Provide comments where you feel appropriate; become part of the discussion. Vote up or down on all of the ideas that you feel you can or cannot live with. And more importantly, provide your own ideas on how we as a society can increase the security of the cyber-systems that are an integral part of our everyday lives.

