ICSJWG: Knowledge Sharing

Wednesday, October 17, 2012 @ 07:10 AM gHale

By Gregory Hale
Knowledge leads to total protection.

That protection stems from effective, efficient and timely sharing of critical knowledge. “A vulnerability is shared in real time,” said Chris Blask, founder and chief executive of ICS Cybersecurity and chair of the ICS-ISAC, during his session Tuesday at the Industrial Control Systems Joint Working Group (ICSJWG) meeting in Denver, CO.

“It is possible to gather all the details and then put it in context and share with other centers,” Blask said. “It allows the vendors to address issues. It allows asset owners to understand everything.”

Gathering critical information and sharing it with others in the proper context is the goal behind the Industrial Control System-Information Sharing and Analysis Center (ICS-ISAC).

“You need to aggregate the data and have actionable information,” said Gib Sorebo, chief cyber security technologist and assistant vice president at SAIC. “You need to get to the point where people take action on something before something happens.”

ICS-ISAC will provide automated cross-industry alerting and threat communications among critical infrastructure companies.

While individual critical infrastructure areas have their own information-sharing efforts, the ICS-ISAC will increase communications horizontally, across industries, Blask said.

This is a private-sector counterpart to the government-run ICS-CERT. “ICS-ISAC serves a purpose unmet in the community,” Sorebo said.

“This provides information in a way to show how you can use the information,” Sorebo said. “This isn’t letting people figure it out for themselves.”

In short, ICS-ISAC is all about getting information into the hands of end users so they can understand a threat.

“Being able to respond quickly when you find something is appealing,” said Paul Forney, chief technologist at Invensys Operations Management’s R&D security team.

Currently, there is a time lag before people find out about a vulnerability.

“You don’t know about the vulnerability and you don’t know how to react,” he said. “Why couldn’t there be more information available much closer to the incident?”
