A Service of Energy CentralEnergyBlogs.com Logo
Home  Utility Business  Generation & Storage  Grid (T&D)  End-Use 
Home >>Smart Grid
Smart Grid - Ernie HaydenTopic Logo

ICSJWG Releases New ICS Vulnerability Disclosure Framework
Posted At : July 26, 2012 3:09 PM | Posted By : Ernie Hayden
Related Categories: Grid Security, SCADA

In a move that may be helpful for utilities, the Industrial Control Systems Joint Working Group (ICSJWG)on July 23 published a new document on a framework for disclosing Industrial Control System (ICS) vulnerabilities.

Industrial Control Systems Joint Working Group (ICSJWG), which was established by the U.S.  Department of Homeland Security Control Systems Security Program, published the document -- Common Industrial Control System Vulnerability Framework. The document was developed with the intention of providing consensus-based guidance to vendors and system integrators in helping them create ICS vulnerability disclosure policies.  Unfortunately, the industrial control systems/supervisory control and data acquisition(ICS/SCADA) industry has been criticized for less than effective disclosures of vulnerabilities in critical infrastructure systems and products.  This new document is intended to provide a foundation for the industry to follow once vulnerabilities are discovered and how the faults should be revealed to the vendors and the operators for remediation.

The ICSJWG notes that the new paper is “a living document and will continue to evolve to reflect the expectations of both asset owners and the IT community in general.’’

The document can be a good starting point.  Key sections include:

  • Software Vulnerabilities (Types and Associated Remediation)
  • Mechanisms for Identifying Vulnerabilities
  • Types of Disclosure (Private, Public, Third-Party)
  • Vulnerability Disclosure Policy Components
  • Terminology/Glossary
  • Sample Disclosure Policy Overview
  • References

If you work with ICS/SCADA systems and if you could be in a situation where you are aware of vulnerabilities but do not have a sense of how they should be handled and revealed, I’d strongly suggest you look over this framework as a guide.  Secondly, if your company develops and/or tests ICS/SCADA software, then this framework can be a good starting point in developing your own internal policy and procedures for handling and ultimately disclosing newly discovered ICS vulnerabilities.

807 Views Comments 0 Comments Comments Add Comment Author BioAuthor Bio
ReportReport This Post as Foul/Inappropriate
Comments Add Comment

There are no comments for this entry.

  
Toolbox

Blog Editor
My Account
My Blogs
Make an Entry
Search

Calendar
<< June 2013 >>
S M T W T F S
      1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30       
Recent EntriesRecent Entries
No recent entries.
Recent CommentsRecent Comments

Effective Security Requires Involved Leadership
Jerry Watson said: There seems to be no limit to the peddling of fear in the US. The formula is simple fear = cash. It... [More]

DistribuTECH - Smart Grid and SCADA: They Both Need Security
Andy Bochman said: Hey Hayden - we're sure did talk meters and privacy. On Dtech eve, in the Riverside rooms, with the... [More]

State of Electric Grid Security – At Least for February 2011
Jack Warner said: Recent Congressional testimony, the Stuxnet virus attack, and the little - publicized RSA hack are c... [More]

Emerging Phenomena in the Changing Electric Energy Industry
Alok Misra said: Regarding the news of the hacking of the Siemens scada, I and my colleagues have been toying with t... [More]

RSS

RSS

Energy Central
Power Network

Webcasts

Securing the Grid

Jun 20, 2013 - 2013-01-01 12:00:00

Power On: Utilizing Smart Meters to Improve Outage Management at DTE Energy

Jun 26, 2013 - 2013-01-01 13:00:00

Energizing Utility IT Resource Capacity Management.

Jun 27, 2013 - 2013-01-01 13:00:00

Unlocking the data scientist mystery

Jul 09, 2013 - 2013-01-01 12:00:00

The Foundation Meets The Vision: A Discussion with an Analytics Pioneer

Jul 16, 2013 - 2013-01-01 12:00:00

Improving cash flow through credit and collections analytics

Jul 31, 2013 - 2013-01-01 12:00:00

Conferences / Shows

Intersolar North America

Jul 08, 2013 - Jul 11, 2013

Data Informed's Marketing Analytics and Customer Engagement

Jun 24, 2013 - Jun 25, 2013

National Town Meeting on Demand Response and Smart Grid

Jul 09, 2013 - Jul 11, 2013

Business Continuity & Organizational Resilence for Utilities

Jul 16, 2013 - Jul 18, 2013

Electric Utility Ratemaking

Jul 16, 2013 - Jul 18, 2013

UtiliNet Europe 2013

Jul 02, 2013 - Jul 05, 2013


Sponsored Content
HOME | POWER INDUSTRY | UTILITY BUSINESS | INTELLIGENT UTILITY & SMART GRID | POWER GENERATION | POWER DELIVERY | ENERGY STORAGE | END USE & MANAGEMENT

MY ACCOUNT | MY BLOGS | MAKE AN ENTRY | ABOUT US | FEEDBACK | ADVERTISING | PRIVACY POLICY | TERMS OF USE | CONTENT POLICY | WHAT IS A BLOG
Copyright © 1996-2013 by CyberTech, Inc. All rights reserved.
Energy Central ® is a registered trademark of CyberTech, Incorporated.
CyberTech does not warrant that the information or services of Energy Central will meet any specific requirements; nor will it be error free or uninterrupted; nor shall CyberTech be liable for any indirect, incidental or consequential damages (including lost data, information or profits) sustained or incurred in connection with the use of, operation of, or inability to use Energy Central.
2821 S. Parker Rd. Ste 1105 Aurora, CO 80014
Contact: Phone - 303-782-5510 Fax - 303-782-5331 or service@energycentral.com.