DHS Ramping Up Defense Of Critical Control Systems

The discovery of the first worm to target networks controlling power plants points has prompted an expansion of specialized forensic teams to combat the cybersecurity threat.

The Department of Homeland Security (DHS) plans to ramp up a program that sends specialized forensic teams to combat the cybersecurity threat on U.S. critical control systems, such as those that control power plants, industrial facilities and air-traffic control systems.

For the past year, the DHS has sent out four special teams -- collectively a part of the Industrial Control System Computer Emergency Readiness Team -- on missions to examine these systems to determine threats and respond to technical-support calls from private-sector partners.

However, the department plans to expand the program next year, a move that coincides with the discovery last month of the first worm designed to specifically attack such systems.

"There is no shortage of demand for this service from the DHS among our partners in the private sector," said DHS spokesman Amy Kudwa Wednesday. "That there has been this worm that is specifically focused on control systems only solidifies our focus on expanding this program."

The system attacked was based on technology from Microsoft and Siemens, which have developed patches for the worm, she added.

The worm attacked four systems, none of which were in the U.S. However, its presence is enough to put the DHS on alert for more direct attacks on critical systems.

The specialized control-system teams -- which fall under the purview of the National Cybersecurity Division (NCSD), part of the DHS Office of Cybersecurity and Communications -- went on 13 missions last year armed with a $5,000 case full of specialized forensic technology to identify malware on control systems

The expansion of the NCSD's budget for the program from $10 million to $15 million is meant to increase the number of teams available for these service calls from four to 10 in 2011.

Response to the threat on critical control systems is not new. The DHS has been keeping a close eye on them and published reports about how to address vulnerabilities for about five years. The systems are high risk given that they are often built on outdated technology that does not have the same security level as newer systems.

Earlier this month, the Wall Street Journal revealed that the National Security Agency (NSA), too, is expanding its interest in protecting control systems. The agency is set to launch a program specifically aimed at assessing vulnerabilities and developing capabilities to secure them.

While the government's interest in these systems is aimed at keeping crucial systems protected and online in the event of a cyberattack, it also has raised questions of privacy and just exactly what the government's role should be in protecting privately owned networks.

Read more about:


About the Author(s)

Elizabeth Montalbano, Contributing Writer

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights