The OIG evaluated the progress the Department of Homeland Security (DHS) has made in addressing cybersecurity issues and coordinating the response efforts between the public and private sectors for industrial control systems. Security for industrial control systems has been inherently weak because the systems were not designed to be accessible from external networks or the Internet. However, beginning in 1990, companies started connecting their industrial control systems with enterprise systems that are connected to the Internet. This transition allowed remote control of processes and exposed industrial control systems to cybersecurity risks that could be exploited over the Internet.
The National Cybersecurity and Communications Integration Center, a division of the Office of Cybersecurity and Communications within the National Protection and Programs Directorate (NPPD), is the operational arm of NPPD and is responsible for providing full-time monitoring, information sharing, analysis, and incident response capabilities to protect Federal agencies' networks and critical infrastructure and key resources, such as industrial control systems.
The OIG found that NPPD has strengthened the security of industrial control systems by establishing the Industrial Control Systems Cyber Emergency Response Team to address the need to share critical cybersecurity information, analyze vulnerabilities, verify emerging threats, and disseminate mitigation strategies. NPPD also facilitates cybersecurity information sharing between the public and private sectors through various working groups, issuing alerts and bulletins, and conducting cybersecurity training and conferences regarding industrial control systems.
Although NPPD has made progress in securing control systems, further improvements can be made in information sharing. For example, NPPD needs to consolidate the multiple information-sharing communities of interest so that control system cybersecurity information is disseminated efficiently and effectively. Additionally, NPPD should provide advance notification of technical and ongoing vulnerability and malware assessments to better coordinate response efforts with the public and private sectors to prevent, detect, and mitigate potential cyber threats.