CSIS Report and Industrial Control Systems

Dec. 16, 2008
The Center for Strategic and International Studies (CSIS) issued the report “Securing Cyberspace for the 44th Presidency”. The report does a very good job of addressing the delicate balancing act of securing our critical infrastructures while maintaining personal privacy. In addition, the report specifically includes industrial control systems (ICS), which is elevating our status in the eyes of Washington decision makers. Many of the recommendations in the White Paper on Industrial Systems requested by CSIS have been incorporated in the final CSIS report.

These recommendations included the need for senior management buy-in, the need for effective regulation (currently, the NIST Framework, including NIST SP800-53, is the most comprehensive set of standards for industrial control systems), the need for vendors to include security in the designs of their control instrumentation and monitoring products, and the need for effective information sharing. These key issues have been addressed in the CSIS report with the following recommendations:

- Leaders from four key areas (energy, finance, the converging information technology/communications sectors, and government) would serve on the President’s Committee for Secure Cyberspace.
- A new operational organization, the Center for Cybersecurity Operations (CCSO), where public and private-sector entities can collaborate and share information on critical cybersecurity in a trusted environment.
- The president should task the National Office for Cyberspace (NOC) to work with appropriate regulatory agencies to develop standards and guidance for securing critical cyber infrastructure, which those industries would then apply in their own regulations.
- The NOC should work with the appropriate regulatory agencies and with NIST to develop regulations for ICS. This could include establishing standard certification metrics and enforceable standards. The government could reinforce regulation by making the development of secure control systems an element of any economic stimulus package that invested in infrastructure improvements.
- The NOC should immediately determine the extent to which government-owned critical infrastructures are secure from cyber attack, and work with the appropriate agencies to secure these infrastructures.

As representatives of the control system industry, we need to continue working with the Obama administration and all appropriate government representatives to assure the security of our critical infrastructures. We’ve gotten a ticket to the game. Now we have to make sure we show up to play. The CSIS report is a wonderful beginning, and a great foundation on which to build.

Joe Weiss
