Stuxnet and Congress

It is interesting to see that the hearing listings are already starting to appear on Congressional Committee web pages; kind of early coming back from a long recess, especially for a lame duck session. Stuxnet will be one of the first subjects that the Senate Homeland Security and Governmental Affairs Committee will be looking at, with a hearing next Wednesday at 10:30 am EST.

The witness list provides an interesting mix of folks. It includes:

• Sean McGurk, Acting Director, National Cybersecurity and Communications Integration Center, U.S. Department of Homeland Security
• Michael J. Assante, President and Chief Executive Officer, National Board of Information Security Examiners
• Dean Turner, Director, Global Intelligence Network, Symantec Corporation
• Mark W. Gandy, Global Manager, IT Security and Information Asset Management, Dow Corning Corporation

Obviously this will be a high-level policy-review type hearing not an actual look at the nuts and bolts of Stuxnet. This is the first hearing that I have seen that will specifically address ICS security issues, certainly there has not been much in the way of legislation looking at ICS security. Its disappointing not to see someone from Siemens, but at least Symantec will be at the table.

BTW: We are still waiting to see this Committee’s report on S 3480, the Lieberman-Collins-Carper cyber security bill. This report was ordered by the Committee back in June. Nothing in the original version of the bill that specifically addressed ICS security, but we won’t know for sure about the final version until this report is issued. This bill is not likely to be passed in the lame duck session.