There is an interesting new link near the top of the ICS-CERT landing page that leads to a
page that I have never seen before, but that is probably not new: About
the Industrial Control Systems Cyber Emergency Response Team. It provides
an overview of the ICS-CERT mission within the DHS National Protection and
Programs Directorate.
The page outlines the ICS-CERT role in the DHS strategy for
securing control systems. It lists six key responsibilities:
• Responding to and analyzing control systems-related incidents;
• Conducting vulnerability, malware, and digital media analysis;
• Providing onsite incident response services;
• Providing situational awareness in the form of actionable intelligence;
• Coordinating the responsible disclosure of vulnerabilities and associated mitigations; and
• Sharing and coordinating vulnerability information and threat analysis through information products and alerts.
It also provides links to a number of interesting (if
severely dated) supporting documents, including:
• Strategy for Securing Control Systems (dated October 2009);
• NCCIC/ICS-CERT Acronyms List; and
In many ways the last document may be the most valuable if
more people, particularly legislators and regulators, would use it. It would
make talking about cybersecurity issues much easier. I’ll highlight three of
the key definitions here, only two of which I like (guess which ones – grin):
Cyber Incident - An occurrence that
actually or potentially results in adverse consequences to an information system
or the information that the system processes, stores, or transmits and that may
require a response action to mitigate the consequences.
Cyber System - Any combination of
facilities, equipment, personnel, procedures, and communications integrated to
provide cyber services; examples include business systems, control systems, and
access control systems.
Cybersecurity - The full range of
threat reduction, vulnerability reduction, deterrence, international
engagement, incident response, resiliency, and recovery policies and
activities, including computer network operations, information assurance, law enforcement,
diplomacy, military, and intelligence missions as they relate to the security
and stability of the global information and communications infrastructure.
The one thing missing from this collection of information
about ICS-CERT is some sort of fact sheet on the vulnerability disclosure
process that outlines the process, procedures and ICS-CERT policies on the
topic. I think that this would be a valuable addition to the page.
One other complaint that I have with the information
presented here (and across most of the DHS web sites) is that there is a real lack
of information dating. It is hard to tell what information is dated and what
information is new. This is particularly important when the organization
updates the pages.