Securing control systems through innovative and effective training programs
Left to right: Ken Rohde and Rita Wells of the Idaho National Laboratory and Neil Hershfield of the Department of Homeland Security jointly receive the 2011 National Cybersecurity Innovation Award from White House Cyber Security Coordinator, Howard Schmidt at the National Cybersecurity Innovation Conference in Washington DC.
WASHINGTON DC, December 27, 2011
The SANS Institute announced today that Department of Homeland Security National Cyber Security Division and Idaho National Laboratory have won the 2011 U.S. National Cybersecurity Innovation Award for building Cybersecurity skills needed to defend the power grid and other control systems.
The Controls Systems Security Program (CSSP) at the Department of Homeland Security and Idaho National Laboratory have created a series of training programs for managerial and technical people in the industries using control systems (power, oil and gas, electrical, water, and several others) that are packed with up-to-date information on cyber threats and mitigations for vulnerabilities.
The goal is to reduce industrial control system risks within and across all critical infrastructure and key resource sectors by coordinating efforts among federal, state, local and tribal governments, as well as industrial control systems owners, operators and vendors. The CSSP coordinates activities to reduce the likelihood of success and severity of impact of a cyber-attack against critical infrastructure control systems through risk-mitigation activities.
One innovative course provides intensive hands-on training on protecting and securing industrial control systems from cyber-attacks, including a Red Team/Blue Team exercise that is conducted within an actual control systems environment. This training has been transformational for technologists and managers who previously underappreciated the power of cyber-attacks or the ease at which they can be executed.
The Department of Energy - Office of Electricity Delivery and Energy Reliability has partnered with DHS to provide the Red Team/Blue Team training specifically to the energy sector asset owners and create lessons learned from the energy sector.
U.S. Department of Homeland Security and Idaho National Laboratory wins the 2011 National Cybersecurity Innovation Award for developing a long-term, common vision where effective risk management of control systems security can be realized through successful coordination efforts.
The National Cybersecurity Innovation Awards recognize developments undertaken by companies and government agencies that have developed and deployed innovative processes or technologies that (1) is innovative in that it has not been deployed effectively before, (2) can show a significant impact on reducing cyber risk, (3) can be scaled quickly to serve large numbers of people, and (4) should be adopted quickly by many other organizations. Nominators for the include most of the senior government officials involved with cybersecurity as well as those from the major Cybersecurity Information Sharing and Analysis Centers (ISACs). Corporations and individuals, including SANS instructors also nominated innovations. Each nomination was tested by SANS research department against the criteria; those that met *all* four were recognized. More than 50 nominations were received; 14 were selected.
Alan Paller, Director of Research,
(301) 951-0102 x108
Established in 1989 as a cooperative research and education organization, SANS' programs reach more than 400,000 security professionals, auditors, system administrators, and network administrators who share the lessons they are learning and jointly find solutions to the challenges they face. At the heart of SANS are the many security practitioners in government agencies, corporations and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community. (www.sans.org)