InfoSec Program Revisions Suggested

IG Evaluates DHS's Control Systems Security Program
InfoSec Program Revisions Suggested
Homeland Security's inspector general contends that the department's Control Systems Security Program, or CSSP, can become more effective in helping secure the nation's critical IT infrastructure.

The program coordinates the cybersecurity efforts for control systems between the public and private sectors. DHS's National Cybersecurity Division (NCSD), the program's sponsor, facilitates cybersecurity information sharing with the public.

"While NCSD has made progress in implementing a cybersecurity program for control systems, opportunities still exist for improvements to its CSSP," DHS's IG said in a report dated Aug. 12 but made public Tuesday. Among the IG's recommendations, the division should:

Encourage more information sharing of critical infrastructures' needs, threats and vulnerabilities between the public and private sectors;

Increase the number of cybersecurity vulnerability assessments performed in order to reduce the overall risk to current operational control systems;

Establish enhanced performance measures to ensure its mission and goals are attained as they relate to the program; and

Expand the division's education, training, and awareness program to improve the public and private sector personnel's knowledge of control systems cybersecurity.

In its response, DHS officials concurred with most of the recommendations, noting that the division has or is in the process of implementing them.

The IG reviewed the program to determine its effectiveness in improving cybersecurity for control systems within the nation's critical infrastructure and key resources. "Control systems are vital to the operation of production systems within factories and plant facilities across the nation," the report said. "They are used in industries, such as chemical, electric, oil and natural gas, and water and wastewater treatment. A disruption in control system operations may result in the loss of productivity and life, and have a negative impact on the economy and national security."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.