Tuesday, October 23, 2012

Good ICS-CERT Guidance for You, Electric Utility Security Pro

Hat tip to Jeff M aka Mr. NISTIR. Surely you've seen reports in the press and, depending who you are, maybe through more official channels, that companies in every sector are under persistent cyber assault these days. The DHS and other US Federal agencies are working overtime (sometimes literally, sometimes figuratively) to keep up.

With our own sector in mind, DHS recently published ICS-CERT Technical Information Paper ICS-TIP-12-146-01A: Targeted Cyber Intrusion Detection and Mitigation Strategies. I think you'll find this material very helpful, no matter what level of technical depth you possess.

They take just ten pages and keep it manageable by not getting too ambitious or detailed:
The guidance is in the form of “what” should be done and “why” it is important. The “how” of implementation is the responsibility of each organization and is dependent on individual needs, network topology, and operational requirements.
Nice done. And then there's this, which future generations of security professionals and risk managers will likely find silly, but that many, even in 2012, still need to hear. But wait, let's go to a sports analogy first: imagine a defensive line in American football playing with blindfolds. Or how about one in military mode: how much would you pay a defense contractor for a missile defense system without sensors to detect incoming hostile missiles? 

OK enough delay; here's the passage I've been trying to get to:
The need for intrusion detection capabilities cannot be overstated. The ability to detect and identify the source and analyze the extent of a compromise is crucial to rapid incident response, minimizing loss, mitigating exploited weaknesses, and restoring services. Early detection of an incident can limit or even prevent possible damage to control systems and reduces the level of effort required to contain, eradicate, and restore affected systems
There's plenty of good guidance that applies equally well to IT and OT systems, and some that's for OT only. Recommend you give the full piece a read; I think you'll like what you see.