(This piece was published in various Linkedin Groups in March, 2012.)
LIGHTS – A Non-Profit Program for Small Facility Control System Cybersecurity
A program called LIGHTS has been brewing among a group of industry people. It started with an idea and, as such things go, has gotten all grown up and now has a life of its own.
The idea started with the fact that – while the majority of critical infrastructure consists of small organizations – the majority of effort expended on the topic is focused on the few very large ones. Further, the idea went, securing small facilities with available open source tools could provide a dramatic improvement with moderate effort and little cost. Even further, the idea indulged itself, with a programmatic approach the process becomes repeatable with less effort, and making a habit of that sort of thing could make a significant dent in the problem.
The idea then took itself entirely too seriously – as energetic young ideas are prone to do – and went so far as to propose that MSSPs could manage these deployments safely and cheaply. On a roll now, the idea said that these MSSPs would act as effective hubs for appropriate information sharing: keeping lots of small facilities to-the-minute updated from the various analysis centers popping up everywhere. Finishing with a bang, the idea suggested that these facilities could be given the option to share anonymized metadata with some or all of these analysis centers, improving the security of their industry and the nation as a whole.
The program started with a pilot this past August at an electric cooperative in the southeast states. An Open Source SIEM (OSSIM) appliance was installed on a tap port and an encrypted tunnel setup back to an MSSP. That turned out to be about as easy as expected and the coop has ever since had a 7×24 partner who pays attention and offers informed advice. Under the LIGHTS program, approved MSSPs provide new members the open source on-site solution (or commercial options at member’s discretion) and discounted management services. LIGHTS MSSPs connect to the NESCO Tactical Analysis Center and other centers of information sharing.
Now chartered under Energysec, LIGHTS is beginning outreach through industry organizations and other means (like, say, the right Linkedin groups… ;~). Those interested in participating in the program can go to the LIGHTS page or contact any of the program sponsors or partners.
A roundtable webinar to launch the program is being scheduled for late April with LIGHTS founders Energysec, ICS Cybersecurity and Trusted Metrics along with Joel Langill and representatives from the Water and Electric sectors (check the site for date and reg).
It is critical that we enable these asset owners to implement cybersecurity as reliably as they do their operational systems. The LIGHTS founders believe the program provides a viable approach for asset owners challenged by budgetary and expertise hurdles.