DHS wants more teams that respond to cyber threats

Small teams of experts have been deployed to respond to incidents, conduct assessments

The Homeland Security Department has formed small teams of experts to respond to cyber threats against industrial control systems in facilities such as factories and power plants.

The teams, which are part of DHS’ Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), have so far conducted 50 assessments and been deployed 13 times to respond to incidents, DHS spokeswoman Amy Kudwa said. DHS now has four teams with about four people each, and the department wants to expand the program to 10 teams, she added.

The teams have a budget of $10 million this year and $15 million next year, according to the Associated Press. AP reported that the teams deploy with a $5,000 kit that includes a suitcase-sized bag with cables, converters, data storage and computer forensic tools.

Experts worry about malicious code being used to target industrial control systems or supervisory control and data acquisition systems. The problem of protecting critical infrastructure from cyberattack is a frequent subject of conferences, policy discussions and congressional hearings.

Recently, the threat has come into sharper focus as news has spread about malware named Stuxnet that targets industrial control systems. Stuxnet exploits a zero-day vulnerability in Microsoft Windows' processing of shortcut files to access systems after users open a USB drive.



In an advisory notice dated Aug. 2, ICS-CERT said it has confirmed that the malware installs a Trojan that interacts with Siemens' SIMATIC WinCC or SIMATIC Step 7 software and then makes queries to any discovered SIMATIC databases.

ICS-CERT said it is coordinating with Siemens-CERT, the CERT Coordination Center, Microsoft, and others to share and analyze information. The full capabilities of the malware and intent or result of the queries aren’t yet known, the group said in its advisory.

Siemens has published recommendations for detecting and removing Stuxnet, and Microsoft has released a security update.

About the Author

Ben Bain is a reporter for Federal Computer Week.
