DHS’s cyber wing pledges to invest more in industrial control systems security

The goal is to use data analytics, enhanced training, and better technology to guard infrastructure from hacking.
CISA, DHS, Department of Homeland Security, RSA 2019
The DHS and CISA booth at the 2019 RSA conference in San Francisco. (Scoop News Group photo)

The Department of Homeland Security’s cybersecurity division on Tuesday unveiled a strategy to help protect industrial control systems that support energy, transportation, and other critical sectors from being hacked.

The goal is to use data analytics, enhanced training, and better technology to help guard U.S. critical infrastructure operators from foreign hacking groups that have shown a steady interest in their networks.

“We’re going to ask more of the ICS community, but we’re also going to deliver more to you,” Chris Krebs, head of DHS’s Cybersecurity and Infrastructure Security Agency, said at a virtual meeting of the ICS Joint Working Group, a government-industry initative.

A better understanding of cybersecurity risk in the industrial space can lead to “being out in front of the adversary…putting friction into their plans so that they have to…develop new capabilities,” Krebs said.


“We’re going to develop deep data capabilities to analyze and deliver information the community can use to disrupt the ICS kill chain,” he added, referring to the different stages of a cyberattack on industrial systems.

U.S. critical infrastructure operators have continued to invest in defenses as multiple hacking groups have probed their systems in recent years. In late 2018, the group behind the infamous Trisis malware, which forced a Saudi petrochemical plant to shut down, expanded its targeting to include U.S. electric utilities.

Industrial organizations have studied those hacking techniques to boost defenses. For its part, CISA can do more to turn data from hacking incidents the agency responds to into security advice, Krebs said. That could mean more analyses like the one CISA released in February of a ransomware attack on a natural gas compression facility.

CISA has long appealed for collaboration with ICS security professionals, but the agency prioritized the effort after the federal government shutdown in December 2018 and January 2019. On Tuesday, Krebs pledged more frequent and in-depth discussions with industry executives to understand what they’re looking for from the federal government.

Krebs began the webinar by reflecting on the protests that have gripped the U.S. since the killing of George Floyd, an unarmed black man, by Minneapolis police last month.


“The recent events of civil unrest across the country really lay bare…a number of the concerns, the shortages, the lack of inclusivity and diversity that we have across the infosec and ICS security space and gives us a lot of time to reflect on where we are as a community,” Krebs said.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts