Wednesday, February 7, 2018

Reader Comment - Schneider S4x18 Presentation

Yesterday Toshio Miyachi posted a reply to my latest public ICS disclosure blog post providing a link to the Schneider Electric TRISIS presentation at S4x18. Just finished watching the 26-minute video and it is well worth the time to view it. Dale Peterson’s opening comments are right on point about both the tactical and strategic (my terminology, not Dale’s) importance of this video.

An easy-to-overlook part of this presentation starts at about 5:14 into the video, where Paul Forney outlines the people that helped in the TRISIS incident analysis. The slide shown at 5:14 provides a short list, which Paul expands upon. There are two points that I want to make about this. First, ICS-CERT is not mentioned; its parent organization, NCCIC, gets credit for the work done predominantly (I would suspect) by the technical folks at ICS-CERT.

The second item is the credit that Forney gives to DOD for coordinating the government efforts in the data collection and analysis effort. I suspect that this was predominantly Cyber Command. While this says good things about the control system understanding of DOD, I think that this could raise posse comitatus concerns if the incident had occurred in the United States. If DOD is going to be an important player in cybersecurity response, Congress needs to specifically outline the legally permissible limits of that involvement. Otherwise, the NCCIC is going to have to beef up its capabilities to accept that role.

