Control Systems Security
The Department Of Homeland Security Control Systems Security Program and the Department of Energy National Scada Test Bed lead the efforts in raising awareness about the threats to our nations critical infrastructure. These efforts include extensive training, and vulnerability analysis on control systems. These analysis help identify problems and lead the nation towards a securer infrastructure.
Control Systems Security Program: The Department of Homeland Security (DHS) National Cyber Security Division (NCSD) established the Control Systems Security Program (CSSP) to guide a cohesive effort between government and industry to improve the security posture of control systems within the nation's critical infrastructure. The CSSP assists control systems vendors and asset owners/operators in identifying security vulnerabilities and developing measures to strengthen their security posture and reduce risk through sound mitigation strategies.
Training: Both CSSP and NSTB offer a variety of trainings to raise awareness about Industrial Control Systems security. Courses are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team / Blue Team exercise that will be conducted within an actual control systems environment. The Red Team/Blue Team provides participants an opportunity to network and collaborate with other colleagues involved in operating and protecting control systems networks. A sample process control network is used to demonstrate exploits and to give the student actual hands-on experience.
Vulnerability Analysis: CSSP and NSTB researchers perform assessments on industry provided equipment both in laboratory and field environments. This assessment process is highly flexible and is tailored to the mutual interests of the industry partner. The goal of a control system cyber security assessment is to identify and mitigate vulnerabilities that attackers may use to disrupt or take control of the system.