TRENDING:

InfoSec Program Revisions Suggested

IG Evaluates DHS's Control Systems Security Program Eric Chabrow (GovInfoSecurity) • September 1, 2009    
InfoSec Program Revisions Suggested
Homeland Security's inspector general contends that the department's Control Systems Security Program, or CSSP, can become more effective in helping secure the nation's critical IT infrastructure.

The program coordinates the cybersecurity efforts for control systems between the public and private sectors. DHS's National Cybersecurity Division (NCSD), the program's sponsor, facilitates cybersecurity information sharing with the public.

"While NCSD has made progress in implementing a cybersecurity program for control systems, opportunities still exist for improvements to its CSSP," DHS's IG said in a report dated Aug. 12 but made public Tuesday. Among the IG's recommendations, the division should:

Encourage more information sharing of critical infrastructures' needs, threats and vulnerabilities between the public and private sectors;

Increase the number of cybersecurity vulnerability assessments performed in order to reduce the overall risk to current operational control systems;

Establish enhanced performance measures to ensure its mission and goals are attained as they relate to the program; and

Expand the division's education, training, and awareness program to improve the public and private sector personnel's knowledge of control systems cybersecurity.

In its response, DHS officials concurred with most of the recommendations, noting that the division has or is in the process of implementing them.

The IG reviewed the program to determine its effectiveness in improving cybersecurity for control systems within the nation's critical infrastructure and key resources. "Control systems are vital to the operation of production systems within factories and plant facilities across the nation," the report said. "They are used in industries, such as chemical, electric, oil and natural gas, and water and wastewater treatment. A disruption in control system operations may result in the loss of productivity and life, and have a negative impact on the economy and national security."

Previous
Data Breach Trends - Mary Monahan, Javelin Strategy & Research
Next
Security Metrics Pose Challenge to Researchers

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.