DHS’s cyber wing pledges to invest more in industrial control systems security

Written by

The Department of Homeland Security’s cybersecurity division on Tuesday unveiled a strategy to help protect industrial control systems that support energy, transportation, and other critical sectors from being hacked.

The goal is to use data analytics, enhanced training, and better technology to help guard U.S. critical infrastructure operators from foreign hacking groups that have shown a steady interest in their networks.

“We’re going to ask more of the ICS community, but we’re also going to deliver more to you,” Chris Krebs, head of DHS’s Cybersecurity and Infrastructure Security Agency, said at a virtual meeting of the ICS Joint Working Group, a government-industry initative.

A better understanding of cybersecurity risk in the industrial space can lead to “being out in front of the adversary…putting friction into their plans so that they have to…develop new capabilities,” Krebs said.

“We’re going to develop deep data capabilities to analyze and deliver information the community can use to disrupt the ICS kill chain,” he added, referring to the different stages of a cyberattack on industrial systems.

U.S. critical infrastructure operators have continued to invest in defenses as multiple hacking groups have probed their systems in recent years. In late 2018, the group behind the infamous Trisis malware, which forced a Saudi petrochemical plant to shut down, expanded its targeting to include U.S. electric utilities.

Industrial organizations have studied those hacking techniques to boost defenses. For its part, CISA can do more to turn data from hacking incidents the agency responds to into security advice, Krebs said. That could mean more analyses like the one CISA released in February of a ransomware attack on a natural gas compression facility.

CISA has long appealed for collaboration with ICS security professionals, but the effort was given greater priority after the federal government shutdown in December 2018 and January 2019. On Tuesday, Krebs pledged more frequent and in-depth discussions with industry executives to understand what they’re looking for from the federal government.

Krebs began the webinar by reflecting on the protests that have gripped the U.S. since the killing of George Floyd, an unarmed black man, by Minneapolis police last month.

“The recent events of civil unrest across the country really lay bare…a number of the concerns, the shortages, the lack of inclusivity and diversity that we have across the infosec and ICS security space and gives us a lot of time to reflect on where we are as a community,” Krebs said.