Yesterday DHS ICS-CERT, in conjunction with US-CERT, issued an
update of the Joint Security Awareness Report on the Shamoon malware. While
this information-stealing tool is suspected of being responsible for shutting
down the Saudi oil company IT network, there has been no mention of it being
used, or being specifically capable of being used, against control systems.
New Information
The new information included in the Update (on page 2) consists of
three new entries in the ‘Tactical Mitigations’ section of the JSAR. The first
is a ‘no duh’ entry, the second is somewhat useful, and the third is somewhat
confusing. In general these three additions hardly make issuing an update
worthwhile, particularly for the ICS community.
Drill Your Recovery Plan
I did say that this was a ‘no duh’ mitigation strategy, but
to be fair ‘drill your recovery plan’ is one of those common sense strategies
that probably doesn’t get done much. I’m not sure that simply listing it in a
JSAR will help that. Perhaps an explanation of why any plan must be practiced
(drilled) to be effective will help.
The military probably has the best experience in developing,
perfecting and executing contingency plans. They know from bitter and painful
experience that plans inevitably have shortcomings due to assumptions made in
the planning process. Most often these assumptions are not clearly understood
and frequently not even identified.
Practicing a plan will usually point out some of the
shortcomings in the plan that are a result of inaccurate or incomplete
assumptions. This does require, however, that after the plan has been
exercised, a clear and complete analysis be made of the areas where
the plan did or did not work. And then the plan has to be modified to correct
the deficiencies and build on what was done right.