DHS wants more teams that respond to cyber threats

Small teams of experts have been deployed to respond to incidents, conduct assessments

The Homeland Security Department has formed small teams of experts to respond to cyber threats against industrial control systems in facilities such as factories and power plants.

The teams, which are part of DHS’ Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), have so far conducted 50 assessments and been deployed 13 times to respond to incidents, DHS spokeswoman Amy Kudwa said. DHS now has four teams with about four people each, and the department wants to expand the program to 10 teams, she added.

The teams have a budget of $10 million this year and $15 million next year, according to the Associated Press. AP reported that the teams deploy with a $5,000 kit that includes a suitcase-sized bag with cables, converters, data storage and computer forensic tools.

Experts worry about malicious code being used to target industrial control systems or supervisory control and data acquisition systems. The problem of protecting critical infrastructure from cyberattack is a frequent subject of conferences, policy discussions and congressional hearings.

Recently, the threat has come into sharper focus as news has spread about malware named Stuxnet that targets industrial control systems. Stuxnet exploits a zero-day vulnerability in Microsoft Windows' processing of shortcut files to access systems after users open a USB drive.



In an advisory notice dated Aug. 2, ICS-CERT said it has confirmed that the malware installs a Trojan that interacts with Siemens' SIMATIC WinCC or SIMATIC Step 7 software and then makes queries to any discovered SIMATIC databases.

ICS-CERT said it is coordinating with Siemens-CERT, the CERT Coordination Center, Microsoft, and others to share and analyze information. The full capabilities of the malware and intent or result of the queries aren’t yet known, the group said in its advisory.

Siemens has published recommendations for detecting and removing Stuxnet, and Microsoft has released a security update.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Reader comments

Thu, Aug 12, 2010 Jeffrey A. Williams

The best cybersecurity pros are in the private sector and have no political ax to grind. Unfortunately these teams are so far behind the threat curve it's nearly laughable but also very dangerous. Small independent cybersecurity watchdogs do a far better job than DHS is or has ever done, yet they do purport to want our input but routinely ignore same, usually to their peril. The recently reported SSH attack is one such example of these teams being far too reactive instead of proactive and current.

Tue, Aug 10, 2010 Jeffrey A. Williams Frisco Texas

I largely agree with the previous commenter's remarks in regards to location of these proposed teams. I disagree that an additional 10 teams will be anywhere near enough. Each state should have at least one team, and some states will need 2 or more located within each state at designated but not disclosed locations.

Mon, Aug 9, 2010

A question comes to mind: where are they going to locate these teams? In DC, or are they going to "Home" these teams in regional areas? One of the problems that should have been clearly observed in 911 was that air travel was shut down. The next week there was a massive worm that exploded on the net. Many key infrastructure components were impacted, utilities companies to name one. If these Response Units are not regionally located then the program is set to fail. There would be 8 of those teams in the lower-48, 1 in HI, 1 in Alaska.
