Dale Peterson at Digital Bond posted a thoughtful piece this Monday on his blog titled: “How DHS Can Best Help ICS Security”. As always, Dale’s commentary is well informed and provides voice to points many experts in industry share.
I have added the following comment to the conversation following Dale’s blog post. We encourage interested parties to share their thoughts here or on the Digital Bond blog.
——————————-
Hey Dale,
The solution is not an either/or choice of what information to share how and with who, but nonetheless your primary point is correct: the maximum value returned from information sharing at this point will be found where it moves C-Level actions.
In many ways the very act of issuing the Executive Order is just that. It is also the kind of Small Data information sharing that is appropriate for C-Level use. Executives don’t process information like “you need to develop a comprehensive identification and remediation strategy for vulnerable devices on your process control system” (much less anything deeper). Conversely, they are very good at processing information such as:
“The nation’s CEO is looking at you (and he’s pissed).”
The President and his bully-pulpit can perform that sort of single-packet information sharing very well. Much more effectively than those of us with more granular opinions and smaller megaphones. The purpose, though, is not to make those same C-Level executives then listen to the detailed solution – which they won’t do and wouldn’t understand – but rather to cause them to turn to their subordinates and share a similarly simple packet of information which junior executives are well versed in processing:
“The President of the United States is pissed off at me. Make it stop.”
This “Public Sector Executive to Private Sector Executive” information sharing needs to support the more detailed information sharing that folks like ourselves can accomplish by encouraging more of the right people to engage. We see this effect already both in the activity of the ICS-ISAC as well as other conversations we engage in. The increase in ICS-ISAC membership and attendance at the center’s public briefings since the Executive Order is mirrored in other groups’ briefings we have attended since.
Executive-to-Executive information sharing needs to support the more detailed information sharing that you mention above, though, not replace it. Inasmuch as the Executive-to-Executive information sharing is successful there needs to be not less but rather more opportunities for sharing of the pointillistic information that will satisfy the simple mandates facility executives roll downhill to their staffs.
The details of that granular information sharing among operational peers is the subject of other conversations, but the fact that those conversations are now getting more involvement is an indication that the Executive-to-Executive efforts are having the desired impact. What folks like your team and our team and the various groups and individuals who have comprised the information sharing activity to date need to do is continue to escalate those efforts, leveraging the seismic shifts caused by the Administration.
Any lack of success to date is well-shared among all involved. The combined efforts of all involved have not been completely unsuccessful, though. In the twenty years since these issues first crossed my own bow there has been a consistent growth in understanding among all involved. It may have been a long, low slope for much of that time, but the curve has continued to steepen and is following a predictable path leading to a foreseeable future.
The work that you and others have done has created the environment that leads to the President of the United States taking his recent action, an accomplishment worthy of a measurable amount of praise. Laurels are not for resting on, though. The general shape of what we all need to do going forward is clear, and a large part of it will include sharing more information with more people with more precise aim and craftsmanship.
-best
-chris
ICS Cybersecurity, Inc. 