Inside ICS-CERT's War Room

itwbennett writes "When Stuxnet first appeared in July 2010, the U.S. response was gathered at the ICS-CERT facilities at Idaho National Labs (INL). 'This is the classified building where phones will start ringing should the next Stuxnet show up, and home to staffers who specialize in IT and industrial systems,' said Robert McMillan, who was invited to attend a training exercise run by the U.S. Department of Homeland Security (DHS) and INL. 'It's small — there were just four analysts there on Thursday — but it looks like the security operations centers you see big companies such as Cisco and Symantec: people sitting in front of computers, with a big screen showing a real time feed of any situations that need to be handled.'"

That seems old school. Not in a good way.

[bigredradio]

From what I have read about Stuxnet, it was a global coordinated effort. The benefit to that level of diversity is the "out of the box" thinking is off the chart. You put similar people with similar backgrounds in the same room, and the hacking world will eat their lunch.

Re:

[Yvanhoe]

It was an Israeli military effort. The general Gabi Ashkenazi admitted to have led this effort when going into retirement. Interestingly, I have read this news in several French newspaper but this information never seem to have crossed the language barrier. On both Stuxnet's and Gabi Ashkenazi's pages this fact is mentioned in the French wikipedia but not in the English one. The original source is the Israeli newspaper Haaretz.

Re:

[ZankerH]

Those facts are not intended for public consumption by the goyim, citizen!

Re:

[bigredradio]

You misunderstand. I am talking about those that were trying to figure out what stuxnet was and who the intended target could be. That was a global effort. If there is a group attempting to thwart cyber threats, a global coordinated effort seems to make more sense to me than the war room mentality.

Re:

[Xugumad]

Out of curiousity, do you have any sort of netsec/infosec background, or does most of this come from reporters babbling about how everything is new and different (this time, really, we mean it)?

Defending a system under attack in real-time is... both very easy, and very difficult. Your main option is whether you pull the plug or not, and if you do that tends to be very effective. The blue/red team wargaming seems more like the sort of thing done to make someone feel they're doing something useful.

However, ha

Re:

[Gimbal]

I imagine it would be a fun sociological experiment, to conduct a real sociological study of the hypothesis you suggest. Of course, there might be some collateral damage... Maybe it would make for a fine movie, anyways ;}

[Insert j/k tag here]

Re:

[borrel]

the most famous SECRET it operations center just like the most famous SECRET base (area 51) does anyone think there is anything secret there?(i dont, maybe there WAS but then it would be moved to a secret location)

Re:

[L4t3r4lu5]

Thanks for an informative post on âoe the topicâ. I was looking for the information and researching on it when I stumbled upon your post. Thanks again

Hey there, link spammer!

By default, all URL's on Slashdot have the attribute "rel=nofollow" meaning that web spiders won't follow the links for the purpose of ranking in search engines.

What it DOES do, however, is ensure that your spam URL www dot efortesolutions dot com makes its way into my DNS shitlist, never to be resolved by anyone inside my organisation again. Furthermore, you're supposed to replace " the topic" with the actual topic of the post. Way to go, douchebag!

Big Screen?

[Lord Grey]

... with a big screen showing a real time feed of any situations ...

Pfffft. That screen is nothing compared to what you need just to handle development in Eclipse. Pansies.

Re:

[Gimbal]

Well ain't it some nice techno-bling though?

Well it's some silliness anyways - an exaggerated presentation of simple information, really. Such tendency for exaggeration in "such things" - it is a large part of why I, myself, will not even try to get a job with such organization. And the world moves on.... :)

Re:

[Gimbal]

Nice level-headed point of view, there.

Me, I'd be too preoccupied with the burning question, "I wonder how the Ren and Stimpy show would look, on that big screen?" too much to actually get the job done...

As far as data modeling for comp sec work, so that one wouldn't need a huge screen to get a useful view on a huge data set - well, digressing, I guess that's stuff mostly to show off to the boss, too...?

Re:

[ITShaman]

I know what you mean. I did a gig with a North American electricity supplier, and spent a lot of time in their Ops Center. They had 2 big screens at the front of the room, and about 8 workareas (semi-cicular desks) with 3 monitors on each of them, all the desks facing these massive 2 projection screens. One screen had real-time traffic and weather camera feeds going (why? I don't know, guess they wanted to know how the commute home would go...) The other screen had statuses for some of the more critica

Re:

[Dr_Barnowl]

The traffic and weather feeds were probably pertinent.

Traffic governs how fast people get home. The first thing people do when they get home is power up a whole bunch of stuff, some of it very hungry - like kettles, for making tea or coffee.

Weather affects how many lights you turn on, whether you use the dryer rather than the line, etc.

For the same reason electricity suppliers in the UK need to know the television schedules - historically, we have had fewer channels, and breaks in popular programmes coincid

Re:

[garyebickford]

Back in the day the flow through the sewer systems was an accurate measure of the popularity of certain TV shows, as everyone flushed during the commercials. Nowadays that probably isn't so true.

Because....

[jimpop]

Because... sitting in front of computers, with a big screen showing a real time feed of any situations that need to be handled is a true indicator that things will get accomplished.

Re:

[Errtu76]

We have the same for our Nagios instances. Big screen, big red alerts and stuff. Big deal. Fun for management, but my neck starts to hurt if i have to move around too much.

Re:

[garyebickford]

I think it depends on the application. A project I worked on the proposal for was an upgrade to a large rail system. They had a big room with about a dozen huge projection displays that together showed the entire route system with live status from sensor data all over the area. I think every operator had their own console to work on their particular bit of it, but having the entire thing visible to everyone at once provided important contextual information. Similar displays, even full immersion rooms (

Re:

[Inda]

Why not?

I sit here with cmd.exe running and everyone thinks I'm doing something important. The trick is to choose a large directory, with many sub-directories, on a slow server, on the other side of the world.

>tree /f

They should pay me extra for knowing that

Big screens are management porn...

[MrOion]

Big screens are just management porn, its only for showing off to visitors and be taken pictures in front of.

We have the same in the SOC (Security Operation Center) where I work, and it's always fun watching politicians and other "prominent" people nodding their heads when our manager explains what the screens are showing. The fact is that we never ever use that information ourself, and all the real work is done one our own personal screens.

But it can be made to look impressive, and make sure the money flow