The Department of Homeland Security put feelers out to other governments in the hope of bolstering the safety of industrial control systems (ICS) and created a venue to brainstorm solutions. Critical infrastructure safety was the subject of the ICSJWG 2012 Spring Conference and ICSJWG 2012 International Partners Day that took place in Savannah last week. Attendees quietly shared information and potential solutions to thwart and respond to attacks against ICS and Supervisory Control and Data Acquisition (SCADA) networks used to control pipelines, water supplies, electricity production and manufacturing processes.
The conference attracted process-control specialists from manufacturing and utilities, DHS officials, and ICS vendors from such countries as Japan, Israel, and Europe. The hope is that not only can information be shared, but that possible solutions can result from allocating solution creation globally.
The conference seems to have been very timely; taking place on the heels of a series of cyber intrusions targeting natural gas pipelines companies in the U.S. The attacks, under investigation by several agencies including the FBI, involve sophisticated spear-phishing activities. Unlike the level of phishing schemes typically used with the general public, the phishing emails are convincing recipients that they are sent by a trusted and involved individual. Given the rapid expansion of the natural gas industry lately, this is particularly disturbing. So far, the intent of the attacks is unknown.
The Industrial Control Systems Joint Working Group (ICSJWG), established by the Department of Homeland Security, facilitates information sharing to reduce risk to the country’s industrial control systems.