In an earilier entry I linked to the INL/DHS site that will be a resource for the community. The site is early in its development and will be filled with numerous recommended practices, white papers, case studies and other useful info. My own bias is the sooner we can get this info out the better, even if it is not 100% complete or perfect, because there is such a dearth of useful information for the community.

The Recommended Practices Committee (which I’m currently a member) is looking for Subject Matter Experts to review and comment on the documents prior to putting them live on the site. Your help will improve the quality and speed the release. See the call below.

Industry subject matter experts (SME) are needed to help the Control Systems Recommended Practices program. As an industry leader, with knowledge and opinions related to control systems security, we are requesting your participation in this effort as a reviewer in the vetting process of development of new practices within your area of expertise prior to their release. We are also seeking input of good practices currently in use by industry concerning control systems cyber security topics.

Control Systems Recommended Practices are being developed through the National Cyber Security Division (NCSD) of the Department of Homeland Security (DHS). Under this division, the Control Systems Security Program has developed a publicly accessible web site with valuable information on critical infrastructure control systems security (http://www.uscert.gov/control_systems).

This site presents information covering many control systems security related topics and provides information to make your systems more secure in the Recommended Practices area of the site. New practices now available on the site are “Control Systems Cyber Security: Defense in Depth Strategies” and “Mitigations for Security Vulnerabilities Found in Control System Networks”.

Upcoming recommended practices currently planned:

Operational Security Sep 2006
Building Security Culture Oct 2006
Wireless for Control Systems (802.11i) Nov 2006
Configuration Management Dec 2006
Wireless for Control Systems (IEEE 802.15.4 - Zigbee) Jan 2007

If you are interested in participating, please forward this solicitation to csspweb@inl.gov with your intent to be a reviewer of recommended practices (please provide your contact information). You will then be added to a recommended practices review mailing list that will be used for soliciting review and comments from industry SMEs.