Monday, November 16, 2015

ICS-CERT Publishes Sept-Oct 2015 Monitor

This afternoon the DHS ICS-CERT published the latest version of the ICS-CERT Monitor. I have been a pretty harsh critic of recent issues of this publication, but, with this issue, I am returning to recommending that ICS-CERT owners read and circulate the document.

I was disappointed with the initial article on information sharing, particularly since it started with a report of a potential control system compromise on a system that wasn’t compromised. I understand that this is probably a not-unusual occurrence, but it would have made a stronger case for incident reporting if the lead-in story was about a compromised system that was caught before the compromise was exploited. Having said that, a very good point was made in the article about the importance of system logging.

The two lengthy articles in this issue were both well done. The discussion about trends in malware will probably be a little basic for security-savvy IT or operations administrators, but it would be a good article to share with plant management. It is a nice overview of malware history leading into potential problems with IIoT.

The second article should, on the other hand, be required reading for everyone in the cyber enterprise, not just industrial control systems. The problem of the disposal of inadequately scrubbed computers spans IT, ICS and personal computing. And it gives nice props to Wightman, Sistrunk and Toecker, who worked on the problem with ICS-CERT.

There are a number of short articles that may be of interest to those of us keeping up with things going on in the ICS world. They include:

• ICS-CERT at DEF CON and Black Hat;
• Section 508 and Accessibility;
• ICS-CERT Virtual Learning Portal Upgrade;
• Industrial Control Systems Joint Working Group Meetings.

Again, this issue is much improved over those that were produced recently. I really want to encourage ICS-CERT to keep up the quality and applicability of the information presented in the Monitor. If they do, this will be another valuable tool for that organization to share information with the control system security community.

