This is part of a continuing series of blog posts about the latest DHS-IdeaScale project to open a public dialog about homeland security topics. This dialog addresses the DHS Integrated Task Force project to help advance the DHS implementation of the President’s Cybersecurity Framework outlined in EO 13636. The earlier post in this series was:
Earlier today the IdeaScale people moved my Friday idea submission from submitted to posted. This idea is based upon the ICS-CERT story about pipeline booster station attacks earlier this year. Unless you are signed up for the US-CERT restricted portal and logged in with the Control Systems Compartment there, you still would not have access to the list of the IPs involved in that attack. I have long recommended that facility security managers and cybersecurity managers should sign up with both the US-CERT secure portal and with Homeland Security Information Network. These should both be useable sources of sensitive but not classified intelligence information of interest to security managers.
The IdeaScale posting puts that recommendation into another venue and suggest that participation in the US-CERT site should be mandatory for facilities identified as high-risk critical infrastructure facilities under the President’s cybersecurity Executive Order (EO 1336).
I have had some interesting feedback on the ideas that I have submitted to date on the DHS ITF IdeaScale Cybersecurity Project. That is what I like about contributing to these IdeaScale projects; ideas can get discussed in a public venue with input from a wide variety of personnel with different backgrounds and experiences. Anyone can put forward an idea, and everyone can respond to that idea in a public venue that can engender further input.
Once again, I would like to take the opportunity to urge everyone to visit this IdeaScale site and put in your two cents worth. If you have no more time available than to read a couple of the ideas that catch your fancy, please vote on whether or not you thing the idea has merit. If you have more time available, contribute a comment like Richard did; it will add to the discussion. But better yet, put one of your ideas down on paper and then post it to the site for others to read, vote upon and discuss. Be a real contributor to the development of national policy.