Industrial control companies creating threat information sharing center
Private sector industrial control companies are moving to create an information sharing and control center to provide more protection against systemic cyber attacks on infrastructure systems from sophisticated malware, such as Flame, Duqu and Stuxnet.
The Industrial Controls Systems Information Sharing and Analysis Center (ICS ISAC) will provide deeper cross-industry alerting and threat communications among critical infrastructure companies, Chris Blask, ICS-ISAC chair told Government Security News in an interview. Blask is also the founder and chief executive officer at ICS Cybersecurity, Inc.
The ICS-ISAC was established by ICS Cybersecurity, but said it has support from industry organizations including SAIC, Yokogawa and Invensys.
Along with Blask, the ICS-ISAC’s managing council includes Sean McGurk, former director of the Department of Homeland Security’s Control System Security Program. McGurk recently joined ICS Cybersecurity and will lead policy development for the ICS-ISAC.
Vendors for control systems used in electric, water, gas, financial services, transportation and other vertical critical infrastructure sectors will increase collaboration on alerts and technical updates using the more horizontal, cross industry ICS ISAC, said Blask.
Stuxnet, Duqu and the recently-discovered Flame Cyber espionage weapon are the latest examples of the need for increased communications among infrastructure providers, he said. According to a recent DHS Control Systems Joint Working Group meeting, DHS officials said they had counted 106,000 incidents that led to more than 5,000 advisories in 2011.
Stuxnet and Duqu led to the recognition of broader systemic vulnerabilities within critical infrastructure and the supporting ecosystems, which have been until recently largely disconnected, according to ICS Cybersecurity. Addressing the resiliency of these systems must occur at technical, organizational and policy levels, it said.
The ICS-ISAC is currently holding working groups to establish process and communications infrastructure, said Blask. While individual critical infrastructure areas have their own information-sharing efforts, the ICS-ISAC will increase communications horizontally, across industries, he said.
Vendors or infrastructure control systems don’t necessarily know who their end customers are, he added, since the systems and software used in them are often sold through third parties, which complicates updates. Software and other security updates could be disseminated more efficiently using the ISC-ISAC, rather than relying on individual ISACS in each sector, he said.
The group has been working to establish its own infrastructure, holding its initial meetings and working group sessions online in April, he said.