This is part of a continuing series of blog posts about the
latest DHS-IdeaScale project to open a public dialog about homeland security
topics. This dialog
addresses the DHS Integrated Task Force project to help advance the DHS
implementation of the President’s Cybersecurity Framework outlined in EO 13636.
The earlier post in this series was:
Security of Remote
Infrastructure
Yesterday Scott Sklar posted a new ‘idea’ to ITFSCP site. He
noted that:
“Many states leverage a portfolio
of programs to deploy on-site renewable energy and distributed generation at
cells towers, pipeline pumps (water, sewage, fuels), intersection signal
lights, etc. so they are not tied to the grid, independently powered without
fuel logistics, and are not controllable other than web-enabled diagnostics. This
creates resiliency that is cybersecure.”
While I voted in general agreement with this idea, I did
note in comments posted to the site that I had certain reservations about the
claim of these systems being “cybersecure” just because they were only remotely
controllable by ‘web-enabled diagnostics’. Over the last couple of years we
have seen too many control systems with unintended remote access
vulnerabilities to allow a general claim of security for any web accessible
device.
Public Participation
A quick reminder here that the whole ITFCC program requires
public participation in the suggestion, discussion, selection and
implementation process. The ITFCC
web site is a forum for suggesting and discussing ideas that could become
parts of the process for the security of critical infrastructure cyber-systems.
Failing to participate in that process makes it less likely that you will be
satisfied with the products of that process; products that you may be compelled
to employ.
Take a couple of minutes and look at my latest idea and the
other ideas currently under discussion at the site. Provide comments where you
feel appropriate; become part of the discussion. Vote up or down on all of the
ideas that you feel you can or cannot live with. And more importantly, provide
your own ideas on how we as a society can increase the security of the
cyber-systems that are an integral part of our everyday lives.
Posts
No comments:
Post a Comment