Monday, March 13, 2017

ICS-CERT Publishes Destructive Malware Paper

Today the DHS ICS-CERT published a new white paper; Destructive Malware. This is a brief overview of wiper (five types) and multifunctional wiper (three types) malware. It provides a couple of paragraphs to summarize the action of each malware type with a very brief recovery summary.

This is not a technical level document; it is more of a management overview designed to allow mid-level managers to understand the very basics of what their technical personnel are talking about. Unfortunately, I think that it misses its usefulness for this purpose by being too definitive in its explanation of appropriate responses. It might lead non-technical managers to unnecessarily question tech actions that do not fit the narrow parameters of the actions suggested.

I also do not understand why this is being published by ICS-CERT instead of US-CERT. While these malware may affect ICS operations, they are not specifically ICS malware. If this had been published by US-CERT it might reach a wider audience outside of the control system security community.

No comments:

/* Use this with templates/template-twocol.html */