Monday, October 14, 2013

ICS-CERT Defense in Depth Paper

I was more than a little surprised this afternoon when I saw the following listed on the ICS-CERT web page:

Recently Published
·         Abstract: Defense-in-Depth RP
10/14/2013 - 12:24
[NOTE: As of 11:30 CDT, 10-15-13 This link has been removed]

Here I thought that the fiscal fiasco was limiting the operations of organizations like ICS-CERT and here they are publishing a paper on the very important topic of defense in depth. I eagerly clicked on the link provided and was taken to an abstract for the paper. There wasn’t anything really new in the abstract, but hoping that that was due to poor writing, I clicked on the link to the actual paper and I was taken to a .PDF document with the following title:

Recommended Practice:
Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies
October 2009 [emphasis added]

While this four year-old paper undoubtedly has some valuable information in it, advertising this as “Recently Published” smacks of the cheapest form of bait-and-switch advertising. The only saving grace is that falling for the tactic only cost me a couple of minutes of my time, not any cash out of pocket.

If ICS-CERT wanted to re-emphasize the information in this document; certainly a good idea in light of the information I blogged about this weekend; a suitable blurb explaining that fact would go a long way to getting people to actually read the document. I got no further than the date on the title page and exited the document.

The federal government has lost a lot of credibility in the last couple of weeks and silliness like this does little to remedy the situation.

No comments:

/* Use this with templates/template-twocol.html */