DHS maintains a number of ‘landing pages’ where they post links to a wide variety of web pages on their site that might be of interest to specific homeland security audiences. Recently they updated the ‘Critical Infrastructure Protection’ landing page by adding a link to their ‘Cybersecurity’ landing page.
Since all sorts of computer systems are an integral part of each of the 18 Critical Infrastructure Key Resource (CIKR) sectors, adding this link to the CIP page was obviously a smart and somewhat overdue move. Unfortunately the cybersecurity page provides very limited information on a key function of most of the 18 sectors; industrial control systems. In fact, there is only one ICS specific link on the page; it goes to the ‘Control Systems Security Program Training’ page of the CSSP site.
Don’t get me wrong. The inclusion of the training programs page is very important. The CSSP training programs are an invaluable, if severely limited in time and resources, part of increasing the overall security of industrial control systems in the United States.
Two other CSSP programs should be specifically linked to the cybersecurity landing page; the CSSP homepage and the Cybersecurity Evaluation Tool (CET). To aid in identifying the CET as a control systems evaluation tool the listing of that tool on the cybersecurity page should probably include ‘ICS’ or ‘Control System’ in the title. Of course the CSSP homepage includes a link to the CET page, but a specific listing under say ‘Technical Resources’ on the Cybersecurity page would almost certainly increase the visibility of that tool.
Arguably the most valuable part of the CSSP site is the listing of the latest control systems alerts and advisories found on the homepage. This listing helps insure that system owners and operators get the latest information on vulnerabilities that could affect their control systems. Adding this link to the CIP landing page would increase the visibility of CSSP site.
No comments:
Post a Comment