Inside ICS-CERT's War Room

Posted by timothy
from the general-mckittrick's-around-somewhere dept.
itwbennett writes "When Stuxnet first appeared in July 2010, the U.S. response was gathered at the ICS-CERT facilities at Idaho National Labs (INL). 'This is the classified building where phones will start ringing should the next Stuxnet show up, and home to staffers who specialize in IT and industrial systems,' said Robert McMillan, who was invited to attend a training exercise run by the U.S. Department of Homeland Security (DHS) and INL. 'It's small — there were just four analysts there on Thursday — but it looks like the security operations centers you see at big companies such as Cisco and Symantec: people sitting in front of computers, with a big screen showing a real time feed of any situations that need to be handled.'"
This discussion has been archived. No new comments can be posted.

  • From what I have read about Stuxnet, it was a global coordinated effort. The benefit to that level of diversity is the "out of the box" thinking is off the chart. You put similar people with similar backgrounds in the same room, and the hacking world will eat their lunch.
    • by Yvanhoe (564877)
      It was an Israeli military effort. The general Gabi Ashkenazi admitted to having led this effort when going into retirement. Interestingly, I have read this news in several French newspapers but this information never seems to have crossed the language barrier. On both Stuxnet's and Gabi Ashkenazi's pages this fact is mentioned in the French Wikipedia but not in the English one. The original source is the Israeli newspaper Haaretz.
      • by ZankerH (1401751)
        Those facts are not intended for public consumption by the goyim, citizen!
      • You misunderstand. I am talking about those that were trying to figure out what Stuxnet was and who the intended target could be. That was a global effort. If there is a group attempting to thwart cyber threats, a global coordinated effort seems to make more sense to me than the war room mentality.
    • by Xugumad (39311)

      Out of curiosity, do you have any sort of netsec/infosec background, or does most of this come from reporters babbling about how everything is new and different (this time, really, we mean it)?

      Defending a system under attack in real-time is... both very easy, and very difficult. Your main option is whether you pull the plug or not, and if you do that tends to be very effective. The blue/red team wargaming seems more like the sort of thing done to make someone feel they're doing something useful.

      However, ha

    • by Gimbal (2474818)

      I imagine it would be a fun sociological experiment, to conduct a real sociological study of the hypothesis you suggest. Of course, there might be some collateral damage... Maybe it would make for a fine movie, anyways ;}

      [Insert j/k tag here]

  • ... with a big screen showing a real time feed of any situations ...

    Pfffft. That screen is nothing compared to what you need just to handle development in Eclipse. Pansies.

    • by Gimbal (2474818)

      Well ain't it some nice techno-bling though?

      Well it's some silliness anyways - an exaggerated presentation of simple information, really. Such tendency for exaggeration in "such things" - it is a large part of why I, myself, will not even try to get a job with such organization. And the world moves on.... :)

  • Because... sitting in front of computers, with a big screen showing a real time feed of any situations that need to be handled is a true indicator that things will get accomplished.

    • by Errtu76 (776778)

      We have the same for our Nagios instances. Big screen, big red alerts and stuff. Big deal. Fun for management, but my neck starts to hurt if I have to move around too much.

      • I think it depends on the application. A project I worked on the proposal for was an upgrade to a large rail system. They had a big room with about a dozen huge projection displays that together showed the entire route system with live status from sensor data all over the area. I think every operator had their own console to work on their particular bit of it, but having the entire thing visible to everyone at once provided important contextual information. Similar displays, even full immersion rooms (

    • by Inda (580031)
      Why not?

      I sit here with cmd.exe running and everyone thinks I'm doing something important. The trick is to choose a large directory, with many sub-directories, on a slow server, on the other side of the world.

      >tree /f

      They should pay me extra for knowing that
  • Big screens are just management porn; it's only for showing off to visitors and for having pictures taken in front of.

    We have the same in the SOC (Security Operation Center) where I work, and it's always fun watching politicians and other "prominent" people nodding their heads when our manager explains what the screens are showing. The fact is that we never ever use that information ourselves, and all the real work is done on our own personal screens.

    But it can be made to look impressive, and make sure the money flow
