Yesterday Toshio Miyachi posted
a reply to my latest public
ICS disclosure blog post providing a link to the Schneider Electric TRISIS presentation at S4x18.
Just finished watching the 26-minute video and it is well worth the time to
view it. Dale Peterson’s opening comments are right on point about both the
tactical and strategic (my terminology, not Dale’s) importance of this video.
An easy-to-overlook part of this presentation starts at
about 5:14 into the video where Paul Forney outlines the people that helped in
the TRISIS incident analysis. The slide shown at 5:14 minutes provides a short
list which Paul expands upon. Two points that I want to make about this. First,
ICS-CERT is not mentioned; its parent organization, NCCIC, gets credit for the
work done predominantly (I would suspect) by the technical folks at ICS-CERT.
The second item is the credit that Forney gives to DOD for
coordinating the government efforts in the data collection and analysis effort.
I suspect that this was predominantly Cyber Command. While this says good
things about the control system understanding of DOD, I think that this could
raise posse comitatus concerns if the incident had occurred in the United
States. If DOD is going to be an important player in cybersecurity response,
Congress needs to specifically outline the legally permissible limits of that
involvement. Otherwise, the NCCIC is going to have to beef up its capabilities
to accept that role.