This afternoon the DHS ICS-CERT published the latest version
of the ICS-CERT Monitor. I have been a pretty harsh critic of recent issues of
this publication, but, with this issue, I am returning to recommending that
ICS-CERT owners read and circulate the document.
I was disappointed with the initial article on information
sharing, particularly since it was started with a report of a potential control
system compromise on a system that wasn’t compromised. I understand that this is
probably a not-unusual occurrence, but it would have made a stronger case for
incident reporting if the lead-in story was about a compromised system that was
caught before the compromise was exploited. Having said that, a very good point
was made in the article about the importance of system logging.
The two lengthy articles in this issue were both well done.
The discussion about trends in malware will probably be a little basic for
security-savvy IT or operations administrators, but it would be a good article
to share with plant management. It is a nice overview of malware history
leading into potential problems with IIoT.
The second article should, on the other hand, be required
reading for everyone in the cyber enterprise, not just industrial control
systems. The problem of the disposal of inadequately scrubbed computers spans
IT, ICS and personal computing. And it gives nice props to Wightman, Sistrunk
and Toecker, who worked on the problem with ICS-CERT.
There are a number of short articles that may be of interest
to those of us keeping up with things going on in the ICS world. They include:
• ICS-CERT at DEF CON and Black Hat;
• Section 508 and Accessibility;
• ICS-CERT Virtual Learning Portal Upgrade;
• Industrial Control Systems Joint Working Group Meetings.
Again, this issue is much improved over those that were
produced recently. I really want to encourage ICS-CERT to keep up the quality
and applicability of the information presented in the Monitor. If they do, this
will be another valuable tool for that organization to share information with
the control system security community.