The Cybersecurity and Infrastructure Security Agency (CISA) hosts the Industrial Control Systems Joint Working Group (ICSJWG) to facilitate information sharing and reduce the risk to the nation’s industrial control systems.

The ICSJWG provides a vehicle for communicating and partnering across all Critical Infrastructure (CI) Sectors between federal agencies and departments, as well as private asset owners/operators of industrial control systems. The goal of the ICSJWG is to continue and enhance the collaborative efforts of the industrial control systems stakeholder community in securing CI by accelerating the design, development, and deployment of secure industrial control systems.

CISA/ICSJWG developed a Fact Sheet for quick reference information about the ICSJWG: ICSJWG Fact Sheet.

ICSJWG 2020 Fall Virtual Meeting Update

The agency has been monitoring the evolving COVID-19, also known as Coronavirus, situation closely, taking part in interagency and industry coordination calls, and working with critical infrastructure partners to prepare for possible disruptions to critical infrastructure that may stem from widespread illness, should the virus take hold in the U.S. You can find up-to-date information regarding these efforts at https://www.cisa.gov/coronavirus. Additionally, the agency issued a CISA Insights document titled, “Risk Management for Novel Coronavirus (COVID-19)” detailing steps to help executives think through physical, supply chain, and cybersecurity issues that may arise as a result of this ongoing public health concern, CISA.gov/insights.

Meeting Registration is now open!

We are very pleased to open the meeting registration for the ICJSWG 2020 Fall Virtual Meeting using the ON24 platform.

Please register for the meeting no later than September 18, 2020. Using the link, select one or more webcasts and register for all of your selections at one time. There is no cost to attend this event.

We are excited about the offerings for the upcoming virtual meeting!

The meeting will kick off on September 21 with an overview of the CISA Mission by CISA Leadership. Day 1 will continue with presentations from the community.

A Capture the Flag activity is available from the opening of the meeting on September 21 until about 4:00 p.m. Eastern Time on September 22. The CTF exposes analysts to hunting across ICS networks for malicious behavior, with puzzles appropriate for both the beginner and the experienced analyst. Challenges include artifacts generated from IT/OT host forensic data, network data (from both bro logs and pcap), and OT equipment actively being exploited by a threat actor. The CTF will be accessible remotely across the internet. Some of the puzzles will require a computer which can run common cyber analytical tools such as wireshark. Specific instructions and requirements will be provided to registrants before the virtual meeting starts.

An updated ICS Training series overview will be provided during this virtual meeting on September 22. The overview will discuss the CYBER-CHAMP (c) program and allow questions and answers about the sessions provided after the virtual meeting. These subsequent sessions are scheduled to run after the virtual meeting in September and into October. The training series includes both a Foundational track and an Advanced track. Specific foundational topics will be Cybersecurity Differences within IT and ICS Domains, and Cyber Risks to ICS. Specific Advanced topics will be Analyzing Previously Captured ICS Traffic to Discover Vulnerabilities, and Assessing Wireless Vulnerabilities in an ICS Environment.

The Technical Workshop will return on September 22, with various technical topics being presented and providing a question and answer opportunity for participants. Topics include Topics include MALCOLM Overview and Demonstration, On-Site Trends, Incident Response (IR) Planning, and Control Environment Laboratory Resource (CELR) Demonstration.

Additional Information

For additional information, please contact us at ICSJWG.Communications@cisa.dhs.gov.

Previous Meeting Information

Please find agendas for previous meetings below.

Contact the respective author(s) directly for copies of presentations.

Please contact us if you have questions.

ICSJWG Newsletters

If you would like to submit an article or whitepaper of general interest pertaining to control systems security, please send it to ICSJWG.Communications@cisa.dhs.gov for consideration. Submitted articles will be reviewed and approved by ICSJWG prior to publishing. Please note that marketing or sales presentations aimed at gaining the audience's interest in services, capabilities, or products cannot be approved.

Article submissions for the September 2020 edition are currently being accepted for review until September 11, 2020.

Copies of the current Newsletter and the previous three Quarter's Newsletters may be requested from ICSJWG.Communications@cisa.dhs.gov.

ICSJWG Products and Materials

ICSJWG Webinar Series

Our Webinar Series is designed to inform the membership and general public about solutions to threats, vulnerabilities, and risks to critical infrastructure and control systems. The search for outstanding and value-added topics is ongoing. Please feel free to send an abstract or short description of any webinar idea to ICSJWG.Communications@cisa.dhs.gov and the Program Office will add it to the topic queue for review and possible inclusion into the series. Our intent is to have a webinar each quarter of the year. Please note that marketing or sales presentations aimed at gaining the audience's interest in services, capabilities, or products cannot be approved.

Our Next Webinar is Scheduled

ICSJWG is pleased to announce the next webinar on October 14, 2020 from 1:00 p.m. to approximately 2:15 p.m. Eastern Time.

Robust Cyber Risk Management - Simplified will be provided by Andrew Ginter, VP Industrial Security, Waterfall Security Solutions

"No matter what we do, experts will be found to argue that we are mistaken - there is no consensus for managing OT cyber risk. When serious incidents occur therefore, it is vitally important that we have a defensible rationale in place for our choices. What does a defensible security program look like?

Well, in this webinar, we start with common OT cyber risk fallacies: compliance is not due diligence, insurance does not keep the lights on, cyber catastrophes are not like hurricanes, we are all targets, and governments have limited ability to protect us from sophisticated attacks. We then explore powerful new approaches to physical & "analog" mitigations for cyber risk, including: Security PHA Review (SPR), Consequence-Driven Cyber-Informed Engineering (CCE), Secure Operations Technology (SEC-OT) and manual operations fall-backs. We then return to CCE to review the intrinsic limits and costs of conventional software-based mitigations, and to explore how all these mitigation fits into a robust, defensible, security program. We conclude by exploring common organizational resistance to robust programs, including: confusing detection with prevention, confusing encryption with protection, confusing statistics with prediction, "air-gapped" fallacies, and "reverse lottery" ROI calculations.

The bad news: macroeconomic trends are driving the pervasive cyber risk landscape to continue to worsen for the foreseeable future. The good news: there are simple and powerful new approaches to managing OT cyber risk, and the world's most secure sites already use these approaches routinely."

Andrew Ginter is the VP Industrial Security at Waterfall Security Solutions. He spent 20 years developing real-time operating systems, compilers, control systems, and IT/OT middleware products - products that connected IT & OT networks, thereby contributing to the cybersecurity problems that now plague many industries. Andrew spent the last 20 years working to resolve those problems, first as the CTO of Industrial Defender, building the world's first industrial SIEM, and now at Waterfall Security Solutions, where he works with the most secure industrial sites on the planet. Andrew is a co-author of the Industrial Internet Consortium Security Framework, the author of two OT security books and a frequent contributor to ICS security standards. He holds degrees in Applied Mathematics and Computer Science, and he writes in his spare time.

To register, send an email from a work-related address to ICSJWG.Communications@cisa.dhs.gov. We cannot process registrations from public email addresses.

Past Webinars

Past webinar presentations which have been released are found below and may be requested from the Program Office through ICSJWG.Communications@cisa.dhs.gov. If they are still available, they will be forwarded to you upon request.

March 2020 – OT Needs 'Special Consideration' Which Means a Modified Approach to Security and True IT/OT Convergence to Achieve a Robust VM Program

November 2019 – Secure Operations Technology

July 2019 – Persistent Threat-Based Security for ICS Systems

March 2019 – Five Ways to Ensure the Integrity of Your Operations

September 2018 - The Top 20 Cyberattacks on Industrial Control Systems

January 2018 – Life After Ukraine: Industrial Control System Cybersecurity Industry Trends and Strategies

October 2017 – Creating Predictable Fail Safe Conditions for Healthcare Facility - Related Control Systems and Medical Devices by Use of System Segmentation

July 2015 – Protecting M2M Systems at the Edge

October 2014 – The New Paradigm for Information Security: Assumption of Breach

June 2014 – Online Real Time Monitoring for Change Identification

March 2014 – I Think, Therefore I Fuzz!

Membership in the ICSJWG

By adding you to our membership rolls, you will receive all outgoing messages to the ICSJWG community, including newsletters, meeting notifications, training information, calls for comments, and other announcements.

Volunteer participation, by contributing ideas, sharing information, or working toward solutions for CI security, is encouraged. To get involved supporting a working activity which addresses critical infrastructure security, please let us know your ideas and the ICJSWG Steering Team (IST) and Program Management Office (PMO) will consider them. To get involved with the ICSJWG in general, please contact us at ICSJWG.Communications@cisa.dhs.gov.



