DHS wants more teams that respond to cyber threats
Small teams of experts have been deployed to respond to incidents, conduct assessments
The Homeland Security Department has formed small teams of experts to respond to cyber threats against industrial control systems in facilities such as factories and power plants.
The teams, which are part of DHS’ Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), have so far conducted 50 assessments and been deployed 13 times to respond to incidents, DHS spokeswoman Amy Kudwa said. DHS now has four teams with about four people each, and the department wants to expand the program to 10 teams, she added.
The teams have a budget of $10 million this year and $15 million next year, according to the Associated Press. AP reported that the teams deploy with a $5,000 kit that includes a suitcase-sized bag with cables, converters, data storage and computer forensic tools.
Experts worry about malicious code being used to target industrial control systems or supervisory control and data acquisition systems. The problem of protecting critical infrastructure from cyberattack is a frequent subject of conferences, policy discussions and congressional hearings.
Recently, the threat has come into sharper focus as news has spread about malware named Stuxnet that targets industrial control systems. Stuxnet exploits a zero-day vulnerability in Microsoft Windows' processing of shortcut files to access systems after users open a USB drive.
Microsoft offers workaround for vulnerability in icons
Critical infrastructure central to cyber threat
In an advisory notice dated Aug. 2, ICS-CERT said it has confirmed that the malware installs a Trojan that interacts with Siemens' SIMATIC WinCC or SIMATIC Step 7 software and then makes queries to any discovered SIMATIC databases.
ICS-CERT said it is coordinating with Siemens-CERT, the CERT Coordination Center, Microsoft, and others to share and analyze information. The full capabilities of the malware and intent or result of the queries aren’t yet known, the group said in its advisory.
Siemens has published recommendations for detecting and removing Stuxnet, and Microsoft has released a security update.
Ben Bain is a reporter for Federal Computer Week.